Getting Started: PEAP w/ SecureACS

Unanswered Question
Dec 24th, 2007
User Badges:
  • Bronze, 100 points or more

Kind of new to the more advanced Wireless stuff, and must making sure I'm on the right track. We have the following:

4400 series WLCs w/ 4.1 software

1242 APs

SecureACS 4.0 servers

Unix LDAP servers

Windows 2000 servers running AD

Mix of Windows, Linux, and Mac clients

Given the above list, we'd like to have secure (encrypted + authenticated) wireless access for users. I'm thinking PEAP with the SecureACS servers is the way to go. Does this sound right, and where should I look for configuration documentation?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
johnnylingo Sat, 01/05/2008 - 00:29
User Badges:
  • Bronze, 100 points or more

Good Stuff. Thanks for the link.

What I'm curious about is the CA setup. If we already have a CA, can't we just generate, sign, and install a cert for each ACS server and then be good to go?

Or, could we even use self-signed certs, assuming that the PEAP client allows it?

SHANNON WYATT Wed, 01/09/2008 - 15:21
User Badges:

Don't use self signed certs. I've gotten them to work, but it can be spotty depending on the supplicant. Even on the same PC.

Since you have a PKI infrastructure you should use that. The exception would be if you had a lot of user that are not members of your domain (at least the PCs). In that case you would have to import the root CA cert into the PCs. Given the low cost of commercial certs it we be worth it to loose the hassle factor.

You could also use IAS on the DC's as this is an AD environment. It is a simpler configuration and I find authentication to be faster using IAS. The exception would be if the users access the network are not members of AD. In that case ACS makes more sense. You can add the users to AD, but you would have to purchase a CAL to be legal, whereas ACS wouldn't care.


This Discussion