How to make

Unanswered Question
Dec 31st, 2008
User Badges:


I have a Cisco 1200 Series AP and I want to apply security for my users when using wireless. I have also got ACS. Can anybody help me out on this.

Thanks in advance.

Best Regards,

Rahim Amir Ali

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
scottmac Wed, 12/31/2008 - 06:57
User Badges:
  • Green, 3000 points or more

Your request is a little broad. Is there a specific area of the configuration you need help with?

More details wold be a Very Good Thing.

Thanks Wed, 12/31/2008 - 22:34
User Badges:

Hi Scott,

I mean to say that i want to authenticate wireless users on my network i.e. want to apply wireless security.

What is the best way to do it?

Best Regards,

Rahim Amir Ali

scottmac Fri, 01/02/2009 - 07:56
User Badges:
  • Green, 3000 points or more

Still a little vague ...

Are you working with a fixed set of users? or will there be guests or a significant number of transient users?

Are any of the hosts wireless VoIP phones?

Do you have other security resources on this network (i.e., Certificate services, MS Domains)?

Do you have any other security needs that will share the ACS/RADIUS services (like VPNs or 802.1x port security)?

The range of security available for wireless can be as simple as "just use pre-shared keys and WPA2" to full-boat implementation of EAP-TLS, where each host gets a certificate and authenticates against the CA and the Microsoft AD.

As a standalone system, nearly anything will do within the window between how secure you need the system to be weighed against how much pain you're willing to inflict on your users to get it.

In the context of using the same AAA resources to feed wireless, VPN, console access, etc., then you must first narrow the field to a security type that all will support, then decide how much administrative burden you can handle, how much grief the users will endure, and so an.

If you're not sure on any of the above, this would be a good time to enlist the services of a good contractor/VAR/consultant that can look over your entire setup and make a specific recommendation.

Good Luck

Scott Sun, 01/04/2009 - 21:03
User Badges:

Dear Scott,

Thank for your reply. Here are the answers:

1)There will be some guest users and some permanent users.

2)Users will only have Wireless Laptops.

Wireless VoIP phones will not be used.

3)Here only WLAN Security is concerned i.e. a user that logs onto the network should be properly analysed and then assigned the required access.

4)We do not have CA but we do have Microsoft AD Setup.

5)Security should be transparent to the users i.e. it should be user friendly.

I hope I have answered your questions. Waiting for your response. Thanks in advance.

Best Regards,

Rahim Amir Ali

kylerossd Mon, 01/05/2009 - 20:04
User Badges:


You would more than likely want to use WPA2-Enterprise for your permanent users, you will get the advantage of machine authentication (802.1x) and the process is seamless to the end user. For guest access there are a couple of options, you can use a lobby admin account and use webauth (seems easier to manage) and it a lot more secure than a PSK.


This Discussion