Sophos NAC ADVANCED Integration with Wireless Access Points

Copyright © 2011 Sophos Limited. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means electronic, mechanical, photocopying, recording or otherwise unless you are either a valid licensee where the documentation can be reproduced in accordance with the licence terms or you otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited. All other product and company names are trademarks or registered trademarks of their respective owners.
Document version 3.2 Published January 2011
Table of Contents
Sophos NAC Integration with Wireless Access Points
Configuring the WAP for Sophos NAC Integration through RADIUS Authentication
Using Wireless Encryption Protocol (WEP)
Using Wi-Fi Protected Access (WPA)
Connecting to the AP
Configuring the WAP for Access with Multiple SSIDs
Connecting to the AP with Multiple SSIDs

Sophos NAC Integration with Wireless Access Points

This document provides information on integrating Sophos NAC Advanced with Wireless Access Points (WAPs) so that authentication includes a Sophos NAC compliance assessment.
This document describes and tests the following two end-to-end scenarios:
Scenario One: A machine is not granted access to the network via the WAP until it passes the Sophos NAC compliance assessment.
Scenario Two: A non-compliant machine associates with a specific SSID which provides limited network access. Upon passing a Sophos NAC compliance assessment, the machine can associate with a different SSID which provides full network access.
This document only tests the Cisco Aironet 1200 WAP with Sophos NAC. This WAP supports authentication through RADIUS, a feature which is required for any access point (AP) that integrates with Sophos NAC. Additionally, this WAP supports the creation of multiple SSIDs, which is required for scenario two. WAPs from other manufacturers are also supported by Sophos NAC, but they must support RADIUS authentication and multiple SSIDs.

Configuring the WAP for Sophos NAC Integration through RADIUS Authentication

To integrate Sophos NAC with a WAP, the AP must first be configured on the network and set up to accept RADIUS authentication. Complete the following steps to enable Sophos NAC support in a wireless AP environment.
1. Follow the steps in Chapter 3, “Configuring the Access Point for the First Time” in the document Cisco Aironet 1200 Series Access Point Hardware Installation Guide. Minimally, the AP should be configured with a system name, IP address, and SSID like the example that follows.
Note: This chapter is available online.
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_installation_guide_chapter09186a00801cfb3e.html
2. From the Security menu, select Server Manager to open the Security: Server Manager page.
3. From the Corporate Servers area, select RADIUS from the Current Server List box, type the IP address and shared secret for the Sophos Compliance Application Server, and click Apply in this area.