Skip Links

Low-cost RADIUS servers for Wi-Fi security

Elektron, ClearBox, Microsoft NPS and FreeRADIUS enable Wi-Fi security for small and midsize enterprises

By Eric Geier, Network World
September 10, 2012 12:09 AM ET

Network World - Remote Authentication Dial-In User Service (RADIUS) servers are common in enterprise networks to offer centralized authentication, authorization and accounting (AAA) for access control. But RADIUS servers can also be useful in small and midsize networks to enable 802.1X authentication and WPA2 (802.11i) security for Wi-Fi nets.

We tested four RADIUS servers that smaller businesses might consider: Elektron, ClearBox, Microsoft's Network Policy Server from Windows Server 2008 R2, and FreeRADIUS.

We measured ease of installation and configuration, quality of the documentation and the ability to customize configurations. All of the vendors scored well, with ClearBox on top and Elektron a close second, and FreeRADIUS and Windows Server NPS tying for third.

Elektron ($750) is a good entry-level and user-friendly server. ClearBox ($599) is a great choice for small networks, but it also scales to larger networks. Microsoft Windows Server 2008 R2 NPS is likely a given for organizations already running a Windows Server, as long as they don't need all the advanced features and database support. And FreeRADIUS (open source) is a solid and economical choice for Unix/Linux admins offering the most customization and flexibility.

Net results

Here are the individual reviews:

Elektron

The Elektron RADIUS server from Periodik Labs is a Windows GUI-based server that's targeted toward wireless authentication for small and midsize networks, but supports other AAA purposes as well. It's offered as a 30-day free trial and then costs $750 for a single server license.

Elektron can run on Windows XP Pro, Vista, Windows 7 and Windows Server 2003 and 2008. There's also a Mac OS X edition that runs on 10.5 or later or with an Intel Core Duo or better processor. Both require at least 512MB of memory and 20MB of free disk space.

Elektron supports the following authentication methods: PEAP, TTLS, EAP-FAST, EAP-TLS, LEAP, PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP-MS-CHAPv2, EAP-MD5, EAP-GTC, and EAP-OTP. It also supports the following databases for the user account data: Internal database (configurable via the GUI called Elektron Accounts), Windows accounts, Mac OS X Directory Services, Active Directory and other LDAP directories, SQL and other ODBC compliant data sources, Remote RADIUS servers and Script.

We tested Elektron Version 2.2 in Windows Server 2008 R2 on a VMware virtual machine. The installation was very simple and only took about a minute. It uses a typical Windows installer and didn't prompt us for any server-related settings.

Immediately after the installation we found a Setup Wizard to help configure Elektron for wireless authentication. It prompted us to create a password (shared secret) for a wireless access point (RADIUS client) and helped configure/create a server certificate. The wizard was helpful, but could be improved by allowing you to enter passwords for individual access points rather than creating a catch-all entry for any access point, which is a less secure method.

After using the Setup Wizard we were left in the dark as to our next step. Since we're experienced with the RADIUS process, we knew we had to configure the Authentication Provider (we used the internal database) and input user account info (we created a user on the Elektron Accounts page). But those not familiar with RADIUS might be confused because the wizard doesn't cover this and the Getting Started section in the documentation skips it as well. Nevertheless, after configuring our wireless access point with WPA2-Enterprise we were able to authenticate via Protected Extensible Authentication Protocol (PEAP).

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News