remote office wireless

Unanswered Question
Aug 1st, 2008

Good evening everyone. I have a requirement for wireless access in our state offices. They are all over Wide Area Links, frac T-1 to T-3s. The requirement is for AES using EAP-FAST. The wireless users must be able to work if the WAN link goes down.

I have looked at the wireless module for the 2800; I have had one working in the lab. I have over 130 different office domains and forests. I need generic type certificates to allow the users to work and that I can change out at set intervals. The certs that are generated now don't appear to let me do this using MS CA.

Any thoughts on this would be greatly appreciated.

michael.lussier Fri, 08/01/2008 - 12:32

Sorry about the typos! Here is the clearer copy.

Good evening everyone. I have a requirement for wireless access in our state offices. They are all over Wide Area Links using frac T-1 to T-3's. The requirement is for AES using EAP-FAST. The wireless users must be able to work if the WAN link goes down. HREAP Right ….

I have looked at the wireless module for the 2800; I have had one working in the lab. I have over 130 different office domains and forests. I need generic type certificates to allow the users to work and that I can change out at set intervals. The certs that are generated now don't appear to let me do this using MS CA.

Any thoughts on this would be greatly appreciated.

misha_bac Wed, 09/10/2008 - 03:33

And what auth types are supported in H-REAP local auth, local switching then?

The H-REAP design guide says that it can support methods which can be 'handled locally' - what are they?

Update: found it - open, WEP, WPA-PSK or WPA2-PSK.

What if we place a RADIUS server on each remote site - can H-REAP APs then use EAP?

Basically, what I want is to place a RADIUS server on each site and make the WLC auth against it (each site to its own server), and when the link goes down, everything would work as intended, like there was no WAN failure - LAPs would auth against the RADIUS server which is already on their site. Is it possible?

Scott Fella Wed, 09/10/2008 - 04:10

If you place a RADIUS server in each remote site, then you can authenticate users via 802.1x. If you want to authenticate LAPs also, it is best practice to have a separate AAA server for that. I have not had a client deploy RADIUS servers in each location, the reason being... you have to sync all of them. Also, usually all services are centralized, so if the WAN goes down, email, file shares, etc. are not available to the user. So take a look at your traffic flow and see if putting a RADIUS server in each site is worth the cost or not. You can still use 802.1x but have the RADIUS server centralized, but again... it depends on what you are trying to accomplish.
