04-26-2010 01:24 PM - edited 07-03-2021 06:45 PM
Hello all,
Sorry if this seems stupid to any of you. Try not to flame me. I have been using WPA2 with pre-shared keys in my "small" network environment, but I am getting tired of manually retyping keys for everyone when someone leaves the company, plus we are starting to grow at a fairly rapid clip.
I would like to implement WPA2 Enterprise but not sure where to start. I was looking for some how-to's on Cisco's site but thought this might be a good place to start.
Our environment is a mix of Linux & Windows, LDAP & AD, using Linksys WAP200's and Cisco switches.
Are there any docs for setting up WPA2 Enterprise that any of you use? Any suggestions are appreciated.
Thanks,
04-26-2010 02:47 PM
Where do you want to configure this? Client? APs?
It's best if you hook the WPA2 to your TACACS or RADIUS login account.
04-26-2010 03:31 PM
Hi, from your post I don't see that you've a PKI and use certificates in your network yet.
It will depend on the EAP type that you plan to use whether you need to roll out server and client certificates, and for that you'll need a certificate authority.
So I think that is the big blocking point in most networks, to have a PKI to auto-enroll certificates, as no one wants to do it manually for a high number of clients; the config of the APs/AD/IAS isn't the big deal.
Haven't found a better resource/link --> http://www.cs.umd.edu/~mvanopst/8021x/howto/
....so just replace WEP with WPA2 and the rest is about the same.
As I'm not an MS server or PKI expert, I hope some other members could back up my opinion.
Kind regards,
Ron
04-27-2010 11:54 AM
I was assuming at the access point. I only have a couple of them. Should I be doing it at the user device level?
04-27-2010 11:55 AM
That is a very good link. Thank you for that.
04-27-2010 02:06 PM
I set up my WAP to talk to IAS. The link above was pretty close (I had to adjust for W2K3) but I got through it.
It works!
The only oddity is that if I tell the laptop to not validate the certificate, it works fine. If I create and download a cert, it does not work. Odd.
I will try to figure that part out. Thanks again all.