We are currently working on getting a standard architecture into our company regarding WLAN security access.
I would then like to hear what you think about it in terms of security (we are not looking for state-of-the-art security, but a level which may be sufficient for an internal company). I would like to hear what auditors may say about that, in case you have already faced such an audit.
We have MS Active Directory, Cisco ACS 4.1, and Cisco Aironet APs 12xx.
We have selected the PEAP-MSCHAPv2 authentication method, with self-signed certificates (generated by Cisco ACS), which we distribute via GPO to computers that are members of the domain. We also distribute the network configuration via the same GPO, with the SSID, require certificate verification, etc.
Cisco ACS will then verify whether the user is a member of a specific AD group, and if so, WLAN access is granted.
Let me know your remarks...
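An added example, not part of the original post: one way to check that the client profile pushed by GPO really enforces server certificate validation for PEAP. It assumes the profile is available as Windows WLAN profile XML; the sample profile, server name and thumbprint are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the PEAP server-validation part of a
# Windows WLAN profile. Server name and thumbprint are placeholders.
PROFILE = """<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
  <ServerValidation>
    <DisableUserPromptForServerValidation>{prompt_off}</DisableUserPromptForServerValidation>
    <ServerNames>{names}</ServerNames>
    <TrustedRootCA>{root}</TrustedRootCA>
  </ServerValidation>
</EapType>"""

GOOD = PROFILE.format(prompt_off="true", names="acs.example.internal",
                      root="CONSTRUCTED-THUMBPRINT")
WEAK = PROFILE.format(prompt_off="false", names="", root="")


def values(node, name):
    """Non-empty text of every descendant called `name`, ignoring namespaces."""
    return [(e.text or "").strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name and (e.text or "").strip()]


def audit_peap_profile(xml_text):
    """Return a list of findings; an empty list means validation is pinned."""
    root = ET.fromstring(xml_text)
    blocks = [e for e in root.iter()
              if e.tag.rsplit("}", 1)[-1] == "ServerValidation"]
    if not blocks:
        return ["no ServerValidation block: server certificate is not checked"]
    sv, findings = blocks[0], []
    # Without a pinned root, any certificate chaining to a trusted CA is accepted.
    if not values(sv, "TrustedRootCA"):
        findings.append("no TrustedRootCA pinned to the ACS self-signed certificate")
    # Without a server name, any server holding a certificate from that root passes.
    if not values(sv, "ServerNames"):
        findings.append("no ServerNames restriction on the RADIUS server")
    # If prompting is allowed, a user can click through an unknown certificate.
    if [v.lower() for v in values(sv, "DisableUserPromptForServerValidation")] != ["true"]:
        findings.append("users may be prompted to trust an unknown server certificate")
    # Some profiles carry an explicit switch that turns validation off entirely.
    if "false" in [v.lower() for v in values(root, "PerformServerValidation")]:
        findings.append("PerformServerValidation is false")
    return findings


if __name__ == "__main__":
    for label, profile in (("good", GOOD), ("weak", WEAK)):
        print(label, audit_peap_profile(profile))
```
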