AP-5131 WAP RADIUS Configuration?

215 pts.
Wireless Access Points
Wireless networking
Wireless security
WLAN access points
WLAN protocols
I am in the process of helping my boss apply some basic security to our current WLAN. The company has not applied security to this point since the information we have is not really that confidential and we are in a cynder block building which kills most of the signal before it even leaves the walls. My boss just wants a basic security measure in place to block wandering users from jumping on our wifi signal at night or something while parked outside of the building. We are trying to implement the simplest to maintain security measures. We have a handful of laptops and then several RF units that connect to our WLAN as well as occasional customers. WAP would be ok except that changing the password every so often would be too much of a hassle to maintain and yet we wouldn't want a customer to have access after they leave the building. We are considering just using MAC address blocking at the minimum. I realize that this is pretty minimal in terms of security, but that is really all we're after. Stopping Joe Blow from using our internet access at night. Our AP-5131 has a RADIUS server built in and this authentication method seems promising. Does anyone know how to configure the AP-5131 for using Radius? I followed the instructions in the product reference guide -- and we all know how useful those are -- but it didn't say for sure whether you had to have WPA or something enabled to make it work so I left just the Radius with no WPA or security enabled at all. I made a group for employees and a group for guests and a test guest for the guest group and myself in the employee group. I also made another WLAN for just guests. When I went down to that access point and tried to logon to the internet, it did not pop up with an internet explorer message asking for a name and password. It just let me on as normal. I'm just trying to figure out if there are any other steps that need to be taken in order to make sure that logon redirection happens. From what I can tell, it is supposed to do all of that automatically since I am using the AP's local RADIUS server for everything. I set RADIUS to local and created the users, groups, and mapped the groups to their WLANs. I applied everything and went to see if it had worked and it let me on without the login screen. Am I missing something? When you use the RADIUS local, you don't need a server IP address or anything right? Shouldn't it automatically ask me for a name and password if I try to use the internet with that access point? We have actually 2 AP-5131s and a few older motorola symbol APs that don't use the radius local. Do all of the APs have to be set up the same in order for this to work? Right now everything is configured with bakhaul and I believe we can roam from AP to AP. Any thoughts or suggestions would be greatly appreciated! Thanks! Erin

Answer Wiki

Thanks. We'll let you know when a new response is added.

Using RADIUS might be overkill for your situation, but then there is not really a valid application of the phrase “too secure”.
If you use WPA or better yet WPA2 with a Pre Shared Key(PSK), and set your AP’s to not broadcast their SSID’s you will have a relatively secure network. You can add MAC address blocking if you want one more hoop for any would be system-breakers to jump through. Make sure to use a strong pass<i><b>phrase</b></i> for the WPA. If you have a spare AP (or you could get a cheap one from your local electronics store) you could connect it to the DMZ of your network. This will give visitors Internet access, while isolating them from the company domain. The password for this could be changed after each company visitor leaves. IF you broadcast its SSID it creates a false target to entertain system-breakers.

Discuss This Question: 4  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Labnuke99
    SSID's are broadcast in every client frame even if the AP does not broadcast.
    32,960 pointsBadges:
  • erin0201
    We actually just talked about possibly setting up a few small APs in the office areas where visitors are most likely to be located so that we can enable WPA2 with a pre shared key and then change it after visitors leave etc. That may be the way we go eventually, but right now I need to keep trying to see if I can get Radius to work on the 2 AP-5131s. My boss is pretty interested in that since we can stick those on the ends of the building where customers are most likely to be and then MAC block the older APs. This way we could add customers to the two AP-5131s and remove them after they leave. I just need to find someone more familiar with using the local RADIUS function on the Symbol/Motorola AP5131 so that I can figure out how to implement it. We may still end up just having to buy some small weaker APs that can be used strictly for visitors, but if anyone has any experience with the Symbol's integrated RADIUS configuration, please let me know! Thanks for your suggestions/help so far.
    215 pointsBadges:
  • Labnuke99
    You could implement Microsoft IAS (RADIUS) if you have Active Directory and manage access by groups.
    32,960 pointsBadges:
  • CHENS2
    OK I would like to implement IAS, but in the meantime AP using MAC filter function. How do I create access policy allow my list of mac addresses to RADIS server? Please help. CHENS2.
    65 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: