Hello - I have been asked to investigate changing our wireless network's authentication to 802.1x. Currently we are using WPA, TKIP with a pre-shared key. We have found that more folks are connecting via their cell phones\PDA's (we set them up with the PSK) and having to change the pre-shared key everytime that one of the folks that has been permitted to connect with their phone leaves our company is getting to be quite the task since we need to change that on users laptops and every other phone that connects. From what I have read it looks like we need to get a WLC in place before we can implement 802.1x for authentication but I'm not certain about that. Is it necessary to have a WLC or could we get the same results using our ACS server (Cisco 1113 with ACS for Windows)? I am really just looking for something that is easier to manage, I was thinking about trying ti put some sort fo MAC based authentication in place but that does not seem to be the most secure method. Ideally we want it to be fairly seemless for new folks to connect once the intial setup is complete which with our current setup does, some folks around here have issues with our executives having to type in their credentials on their cell phones or PDA's. If anybody can provide some guidance or perhaps some links to other documents that I can review to come up with a game plan I would be most appreciative.
Thanks - Matt