Authentication Services: RADIUS

The proliferation of 802.11 radios in devices that previously lacked Wi-Fi capability gives users multiple opportunities to connect to the enterprise network. Alongside laptops are tablets, smartphones, handhelds, and scanners. However, with each opportunity for a device to connect comes another opportunity for a device that does not belong on the network to join in the conversation. The solution is to enforce strong authentication policies for all clients.

Meru Networks makes the authentication process more powerful by offering a complete array of authentication methods. For 802.1X enabled WPA and WPA2 Enterprise networks, the Meru controller connects to a centralized RADIUS server and establishes strong cryptographic keys. Client verification ca n use certificates, passwords, or pass-through logins to secure keycard systems. Among the EAP types supported are:

• EAP-TLS, based on public key certificates for each client,
• EAP-TTLS, allowing for tunneled authentication that provides greater protection for credentials and identities
• PEAPv0/MSCHAPv2, allowing Active Directory usernames and passwords to be used, simplifying installations on Microsoft-based networks,
• PEAPv1/EAP-GTC, allowing arbitrary challenge-response authentication services over a secure tunnel
• EAP-SIM, for smart card authentication

For networks where devices are not yet sophisticated enough to support 802.1X, preshared keys are supported. But preshared key networks have a number of problems. What happens when an employee leaves? Or if the preshared key is accidentally discovered? For these cases, the Meru captive portal can be used with encrypted networks and unencrypted networks alike, to ensure that only users that belong on the network gain access.