Setting up WPA2 Enterprise

thunt
Level 1

Hello all,

Sorry if this seems stupid to any of you. Try not to flame me. I have been using WPA2 with pre-shared keys in my "small" network environment but I am getting tired of manually retyping keys to everyone when someone leaves the company, plus we are starting to grow at a fairly rapid clip.

I would like to implement WPA2 Enterprise but am not sure where to start. I was looking for some how-to's on Cisco's site but thought this might be a good place to start.

Our environment is a mix of Linux & Windows, LDAP & AD, using Linksys WAP200's and Cisco switches.

Are there any docs for setting up WPA2 Enterprise that any of you use? Any suggestions are appreciated.

Thanks,


Leo Laohoo
Hall of Fame

Where do you want to configure this?  Client?  APs?

It's best if you hook the WPA2 to your TACACS or RADIUS login account.

I was assuming at the access point.  I only have a couple of them.  Should I be doing it at the user device level?

rdvorak
Level 1

Hi, from your post I don't see that you've a PKI and use certificates in your network yet.

It will depend on the EAP type that you plan to use whether you need to roll out server and client certificates and for that you'll need a certificate authority.

So I think that is the big blocking point in most networks to have a PKI to auto enroll certificates as no one wants to do it manually for a high number of clients, the config of the APs/AD/IAS isn't the big deal.

Haven't found a better resource/link --> http://www.cs.umd.edu/~mvanopst/8021x/howto/

....so just replace WEP with WPA2 and the rest is about the same.

As I'm not an MS server or PKI expert I hope some other members could back up my opinion.

Kind regards,

Ron

That is a very good link.  Thank you for that.

I set up my WAP to talk to IAS. The link above was pretty close (I had to adjust for W2K3) but I got through it.

It works!

The only oddity is that if I tell the laptop to not validate the certificate it works fine. If I create and download a cert it does not work. Odd.

I will try to figure that part out.  Thanks again all.
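
For the Linux clients in a mixed environment like the one in this thread, the server-certificate check that the last post toggles on the laptop corresponds to the `ca_cert` setting in wpa_supplicant. The fragment below is an added example, not from the thread or its participants; it assumes PEAP with MSCHAPv2 against the IAS server, and the SSID, identities, file path and server name are placeholders.

```conf
# /etc/wpa_supplicant/wpa_supplicant.conf (added example, placeholder values)
ctrl_interface=/var/run/wpa_supplicant

# Variant A (validation off): no ca_cert is set, so the client accepts
# whatever certificate the RADIUS server presents. Any access point
# advertising the same SSID can terminate the PEAP tunnel and receive the
# MSCHAPv2 exchange. Shown commented out for comparison only.
#
# network={
#     ssid="EXAMPLE-CORP"
#     key_mgmt=WPA-EAP
#     eap=PEAP
#     identity="jdoe@example.test"
#     password="REPLACE_ME"
#     phase2="auth=MSCHAPV2"
# }

# Variant B (validation on): the client only completes the handshake if the
# RADIUS server certificate chains to the named CA and carries the expected
# server name.
network={
    ssid="EXAMPLE-CORP"
    proto=RSN
    pairwise=CCMP
    key_mgmt=WPA-EAP
    eap=PEAP

    # Outer identity sent in the clear before the TLS tunnel exists
    anonymous_identity="anonymous@example.test"
    # Inner identity and password, sent inside the tunnel
    identity="jdoe@example.test"
    password="REPLACE_ME"
    phase2="auth=MSCHAPV2"

    # PEM certificate of the CA that issued the RADIUS server certificate
    # (placeholder path)
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    # Require the server certificate's DNS name to end in this suffix
    # (placeholder name)
    domain_suffix_match="radius.example.test"
}
```

`ca_cert` must point at the certificate of the issuing authority, not at a copy of the server's own certificate issued by some other CA, otherwise the chain check fails and the association is refused.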
