Saturday, Feb 12, 2011

GEORGE STEFANICK - CWSP JOURNEY (CHAPTER 4 – AAA, POST #8) - 2/11/2011

I’m back!!!!! On the study horse, that is...

AAA – What is it?

“Triple A”, as it is sometimes called, is a model for access control. It is the model and basic framework for security. There are 3 distinct functions in AAA:

Authentication

Authorization

Accounting

Authentication

Authentication is the process of determining whether someone or something (an entity) is, in fact, who they say they are. This is commonly done with user credentials (logon and password). The credentials are then presented to a “server” for verification. Other means, such as tokens and digital certificates, can also be used in place of or combined with user credentials. This is called multi-layer authentication. It is used to enhance the authentication process.

RADIUS authentication uses UDP port 1812; prior to the IANA allocation, it used UDP port 1645.

Authorization

Once the entity is authenticated, authorization can take place. Authorization is the process of granting access or permissions to the entity. You are allowing the entity the privilege to do something, or to have access to something, on your network.

Accounting

Accounting is a means of keeping track of the entity while it is on the network. This is often used by security to track what the entity did, how long it was on the network, what commands it may have entered, etc.

RADIUS accounting uses UDP port 1813; prior to the IANA allocation, it used UDP port 1646.

RADIUS Server

The RADIUS server is sometimes called the AAA server. This is because most common RADIUS servers support all three functions. The Cisco ACS server is an example of such a device.

Other RADIUS Servers Include:

Juniper Steel-Belted Radius

Microsoft IAS (Server 2003)

Microsoft NAP (Server 2008)

FreeRADIUS

Configuration Notes

Speaking from experience (also noted on page 121), there are 2 common mistakes that happen often when setting up a RADIUS server. One is using the wrong port numbers. Two is using an incorrect shared secret between the RADIUS server and the authenticator. If you have issues in your initial setup, these are the things you should check.
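As an added example (not from the original post or the study guide), this Python code shows both setup mistakes: a comparison of the port pairs listed above, and the RFC 2865 Response Authenticator check, which fails when the server and the authenticator hold different shared secrets. The function names, secrets, identifier and attribute bytes are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Port pairs from the post: IANA-assigned vs. the earlier pre-allocation ports.
IANA_PORTS = {"auth": 1812, "acct": 1813}
LEGACY_PORTS = {"auth": 1645, "acct": 1646}
ACCESS_ACCEPT = 2  # RFC 2865 packet code


def port_mismatch(client_ports, server_ports):
    """Return the services where the authenticator and server ports differ."""
    return [s for s in ("auth", "acct") if client_ports[s] != server_ports[s]]


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Server side: header, 16-byte Response Authenticator, then attributes."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(packet, request_auth, secret):
    """Authenticator side: recompute the field with the locally configured secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])


if __name__ == "__main__":
    # Constructed sample exchange: Reply-Message (type 18) carrying "ok".
    request_auth = os.urandom(16)
    attrs = bytes([18, 4]) + b"ok"
    reply = build_response(ACCESS_ACCEPT, 7, attrs, request_auth, b"server-secret")
    print("ports differ for:", port_mismatch(LEGACY_PORTS, IANA_PORTS))
    print("matching secret:", verify_response(reply, request_auth, b"server-secret"))
    print("mistyped secret:", verify_response(reply, request_auth, b"Server-secret"))
```

RFC 2865 has the authenticator silently discard a reply whose Response Authenticator does not verify, so a secret mismatch on that side tends to look like an unanswered request rather than an explicit error.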

RFC

RADIUS authentication and authorization are defined in:

IETF RFC 2865

http://www.ietf.org/rfc/rfc2865.txt

RADIUS accounting is defined in:

IETF RFC 2866

http://www.ietf.org/rfc/rfc2866.txt


