Setting up WPA2 Enterprise

Answered Question

Hello all,


Sorry if this seems stupid to any of you. Try not to flame me. I have been using WPA2 with pre-shared keys in my "small" network environment, but I am getting tired of manually retyping keys to everyone when someone leaves the company, plus we are starting to grow at a fairly rapid clip.


I would like to implement WPA2 Enterprise but am not sure where to start. I was looking for some how-to's on Cisco's site but thought this might be a good place to start.


Our environment is a mix of Linux & Windows, LDAP & AD, using Linksys WAP200's and Cisco switches.


Are there any docs for setting up WPA2 Enterprise that any of you use? Any suggestions are appreciated.


Thanks,

Correct Answer
Leo Laohoo Mon, 04/26/2010 - 14:47

Where do you want to configure this? Client? APs?

It's best if you hook the WPA2 to your TACACS or RADIUS login account.

Correct Answer
rdvorak Mon, 04/26/2010 - 15:31

Hi, from your post I don't see that you've a PKI and use certificates in your network yet.

It will depend on the EAP type that you plan to use whether you need to roll out server and client certificates, and for that you'll need a certificate authority.

So I think that is the big blocking point in most networks: to have a PKI to auto-enroll certificates, as no one wants to do it manually for a high number of clients. The config of the APs/AD/IAS isn't the big deal.

Haven't found a better resource/link --> http://www.cs.umd.edu/~mvanopst/8021x/howto/

....so just replace WEP with WPA2 and the rest is about the same.

As I'm not an MS server or PKI expert, I hope some other members could back up my opinion.


Kind regards,

Ron

I set up my WAP to talk to IAS. The link above was pretty close (I had to adjust for W2K3) but I got through it.

It works!

The only oddity is that if I tell the laptop to not validate the certificate it works fine. If I create and download a cert it does not work. Odd.


I will try to figure that part out.  Thanks again all.
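
Added example (not from the thread or from any of its posters): a wpa_supplicant.conf for a Linux client, showing how the EAP type discussed above decides which certificates have to exist, and what validating the RADIUS server certificate looks like on the client side. It assumes the Linux clients use wpa_supplicant; the SSID, identities, passwords, file paths and the server name radius.example.com are placeholders.

```conf
# Constructed example. Use ONE of the two network blocks below.
# SSID, identities, passwords, paths and radius.example.com are placeholders.
ctrl_interface=/var/run/wpa_supplicant

# Option 1: PEAP with MSCHAPv2 (username/password inside a TLS tunnel).
# Only the RADIUS server needs a certificate. Each client needs the
# certificate of the CA that issued it, so it can validate the server.
network={
    ssid="corp-wlan"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="jdoe"
    password="placeholder-password"
    # Server validation: trust only this CA and only this server name.
    # Without ca_cert the client accepts any server certificate, which
    # lets a rogue AP with its own RADIUS server collect credentials.
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.example.com"
}

# Option 2: EAP-TLS (mutual certificate authentication).
# The server AND every client need a certificate, which is where a CA
# with some form of enrollment becomes necessary.
network={
    ssid="corp-wlan"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=TLS
    identity="jdoe@example.com"
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.example.com"
    # Per-client credential issued by the same CA hierarchy.
    client_cert="/etc/wpa_supplicant/jdoe.pem"
    private_key="/etc/wpa_supplicant/jdoe.key"
    private_key_passwd="placeholder-passphrase"
}
```

In both blocks the file named by ca_cert is the certificate of the CA that signed the RADIUS server's certificate, not the server certificate itself.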
