Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
0
Helpful
5
Replies

How to make

waridtel.com
Level 1
Level 1

‎12-31-2008 01:48 AM - edited ‎07-03-2021 04:56 PM

Hi,

I have a Cisco 1200 Series AP and I want to apply security for my users when using wireless. I have also got ACS. Can anybody help me out on this.

Thanks in advance.

Best Regards,

Rahim Amir Ali

Labels:
0 Helpful
5 Replies 5

scottmac
Level 10
Level 10

‎12-31-2008 06:57 AM

Your request is a little broad. Is there a specific area of the configuration you need help with?

More details wold be a Very Good Thing.

Thanks

0 Helpful

waridtel.com
Level 1
Level 1
In response to scottmac

‎12-31-2008 10:34 PM

Hi Scott,

I mean to say that i want to authenticate wireless users on my network i.e. want to apply wireless security.

What is the best way to do it?

Best Regards,

Rahim Amir Ali

0 Helpful

scottmac
Level 10
Level 10
In response to waridtel.com

‎01-02-2009 07:56 AM

Still a little vague ...

Are you working with a fixed set of users? or will there be guests or a significant number of transient users?

Are any of the hosts wireless VoIP phones?

Do you have other security resources on this network (i.e., Certificate services, MS Domains)?

Do you have any other security needs that will share the ACS/RADIUS services (like VPNs or 802.1x port security)?

The range of security available for wireless can be as simple as "just use pre-shared keys and WPA2" to full-boat implementation of EAP-TLS, where each host gets a certificate and authenticates against the CA and the Microsoft AD.

As a standalone system, nearly anything will do within the window between how secure you need the system to be weighed against how much pain you're willing to inflict on your users to get it.

In the context of using the same AAA resources to feed wireless, VPN, console access, etc., then you must first narrow the field to a security type that all will support, then decide how much administrative burden you can handle, how much grief the users will endure, and so an.

If you're not sure on any of the above, this would be a good time to enlist the services of a good contractor/VAR/consultant that can look over your entire setup and make a specific recommendation.

Good Luck

Scott

0 Helpful

waridtel.com
Level 1
Level 1
In response to scottmac

‎01-04-2009 09:03 PM

Dear Scott,

Thank for your reply. Here are the answers:

1)There will be some guest users and some permanent users.

2)Users will only have Wireless Laptops.

Wireless VoIP phones will not be used.

3)Here only WLAN Security is concerned i.e. a user that logs onto the network should be properly analysed and then assigned the required access.

4)We do not have CA but we do have Microsoft AD Setup.

5)Security should be transparent to the users i.e. it should be user friendly.

I hope I have answered your questions. Waiting for your response. Thanks in advance.

Best Regards,

Rahim Amir Ali

0 Helpful

kylerossd
Level 4
Level 4
In response to waridtel.com

‎01-05-2009 08:04 PM

Rahim,

You would more than likely want to use WPA2-Enterprise for your permanent users, you will get the advantage of machine authentication (802.1x) and the process is seamless to the end user. For guest access there are a couple of options, you can use a lobby admin account and use webauth (seems easier to manage) and it a lot more secure than a PSK.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card