Re: dynamic keying via 802.1X on IETF wireless

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Folks,

While I realize there are only hours left, I have decided to
forward these directions anyway.

PEAP is working now, with a username/password of ietf60/ietf60.

So, a configuration how-to :

>From the Start menu, select "Control Panel", followed by the "Network
Connections" icon.  In the "Network Connections" window, find the wireless
interface that you intend to use.  Right click on the wireless interface,
and select properties.  In the properties window, select the "Wireless
Networks" tab.

Since the 802.1X wireless network is not broadcast, you may need to add it
to your preferred networks.  To do this, click on the "Add..." button in
the "Preferred Networks" pane.  In the "Network name (SSID):" field, enter
"ietf60-1x".  For "Network Authentication" be sure it is set to "Open",
and for "Data encryption:" set it to WEP.  Finally, make sure that the
check box for "The key is provided for me automatically" is checked.

Next, select the "Authentication" tab at the top of the window.  In the
authentication tab, be sure that "Enable IEEE 802.1x authentication for
this network" is checked.  Then, for EAP type select "Protected EAP
(PEAP)".

Then, click the Properties button below the "EAP Type" box.  In the
"Protected EAP Properties" uncheck the box for "Validate server
certificate".  Under "Select Authentication Method", select "Secured
password (EAP-MSCHAP v2)" then click on configure.   Uncheck the box for
"Automatically use my Windows logon name and password (and domain if
any)."

Select the "Ok" button for all windows that remain open.  If you are
within range of a wireless network that supports the iet60-1x network,
Windows should now attempt to authenticate.  During the authentication you
should see a bubble in the bottom right corner of your screen that
indicates that you need to select a certificate or other credentials to
log in.  Click on the bubble, and enter "ietf60" for both the username and
password.  (Leave the Domain field blank.)  Finally, select Ok, and you
should now be authenticated.


Karen O'Donoghue wrote:
Folks,

We are experimenting with dynamic keying via 802.1X on the
IETF wireless network.  You are invited to try this service if you
wish. However, this isn't production so please do not ask for
assistance from the terminal room help desk staff.  Help
is available from the following (depending on schedule):

   Chris Hessing, Chris.Hessing@xxxxxxxx
   Chris Elliott, chelliot@xxxxxxxxx

Regards,
Karen

Anonymous 802.1X at IETF 60
===========================
Chris Hessing, University of Utah/Open1x Project

On the IETF 60 wireless network we are providing a separate SSID and VLAN that
does anonymous 802.1X authentication with support for dynamic WEP. The advantage
of using this is your wireless connection will be encrypted using per-user,
per-session keys. In addition, if you choose to check the certificate provided
by the network infrastructure during the authentication phase, you will also
receive some assurance that you are connecting to the IETF 60 network and not
some other network.


If you would like to make use of the 802.1X wireless network, you will need to
use the non-broadcast ESSID of “ietf60-1x”.


You will also need an 802.1X supplicant that has support for TTLS-PAP. Windows
XP/2000 users can download a plug-in to the native 802.1X client at
http://www.secureW2.com. Mac OS X users that are running OS 10.3+ already have
support included in the OS. Directions are provided below. Linux users
can download Xsupplicant from http://www.open1x.org.


Your supplicant will receive a server certificate that is a test certificate.
You can choose to configure your supplicant to accept this certificate the first
time it is provided and check it thereafter, allowing your supplicant to verify
that you are connecting to the IETF network infrastructure, or you can choose to
not validate the server certificate.


The username and password that you use doesn't matter, as long as you fill
something in for both. If you have an option to fill in a domain please leave it
blank.


Note that the encryption type supported at this time is dynamic WEP. We are
not currenly supporting WPA/TKIP.

We are currently working on supporting other EAP authentication types, including PEAP-GTC.

MAC Users
=========
1. Open Internet Connect
 2.  Under File "New 802.1X connect"
     a. edit config
         name - whatever you want
         username - whatever you want
         password - whatever you want
         wireless network - ietf60-1x
           authentication - only select TTLS
              configure TTLS
              TTLS Inner Authentication - PAP
              no outer id
        connect
3. Self signed cert - accept.



_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]