My diary of software development

Posts tagged ‘PKI’

Setting up Wireless 802.1x

I am in the process of setting up 802.1x wireless security at my church. I manage my church’s network as a personal charitable effort and until recently, the church had a single flat network segment with servers and wired/wireless workstations on the same segment. They had wireless setup without requiring any type of WPA or other security so that visiting ministers could jump on and get out to the Internet.

I definitely didn’t like the fact that guest users could be on the same network as the servers and the church staff’s workstations so I sat down to think about the best way to work this out. The church wanted to keep the guest wireless because it was much easier for them when guests needed access to the Internet. However they also listened to me when I told them how much of a bad idea it was to mix their private and guest networks.

The first thing I did was to physically seperate the networks. This phase is almost done, I still need to run some cabling from the sanctuary over to the offices which are in a seperate building so that I can install guest and private wireless in the sanctuary. But the office and Sunday School areas are seperated now and I’ve placed WPA2 security on the private network to secure it.

My next phase was to implement wireless 802.1x, so  I went through the purchase requisitions to get the Windows OS upgrades (they were still at Windows 2000) and implement a 2008 domain and PKI. I then read this article: http://technet.microsoft.com/en-us/library/cc771455(WS.10).aspx, followed the instructions, and after completing them, thought I was ready to test and see if it worked. But of course it didn’t. I have never done anything this complicated that actually worked the first time, no matter how methodically I followed the instructions. It seems like I’d know by now but I really thought this would work the first time.

Since then, my work has increased and this became too much to juggle. I knew that at least we had a seperate guest and private network so I chose to put this on hold for a bit.

In the last week, I’ve had some relief from the work projects so that I have extra time in the evening and my attention has been turning back to this 802.1x project at my church. I figured this time I’d setup a Vista workstation as a sort of lab for testing this wireless auto-connecting project.

Advertisements