Question

You are the wireless network administrator for your organization. As the size of the organization has grown, you've decide to upgrade your wireless network to use 802.1x authentication instead of preshared keys. To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. What should you do?

1) Configure the RADIUS server to use a shared secret key
2) Configure the RADIUS server to use a digital certificate
3) Configure the RADIUS clients to use a shared secret key
4) Configure the RADIUS clients to use a digital certificate
5) Configure the RADIUS server and clients to use a preshared key

Answer 1

To configure mutual authentication between a RADIUS server and its clients, configure both the server and clients to use digital certificates. This method is more secure than shared secret keys and is suitable for organizations, especially those that have grown in size.

Step-by-step explanation:

If you want to configure a RADIUS server and RADIUS clients to mutually authenticate with each other, you should:

1. Configure the RADIUS server to use a digital certificate.
2. Configure the RADIUS clients to use a digital certificate.

Both the server and the client need digital certificates for mutual authentication. A shared secret key would not provide mutual authentication as it is only a piece of shared knowledge between the client and server. Moreover, using 802.1x authentication provides a more robust security than a pre-shared key, especially in an organization that has grown in size. Digital certificates are a part of the Extensible Authentication Protocol (EAP), which is used in the 802.1x standard to provide greater security.