I need a how to on Security in WLC for the users

Unanswered Question
May 28th, 2010

OK, I need to actually make my unsecured wireless network secure. Where do I even begin? What I would love to happen is that it is invisible to the user but with about 1000 laptops we don't have time to do mac addresses etc. I have heard that what is wanted in our environment is WPA with at least 128 bit encrypt. To tell you the truth I've been running wireless wide open in our school buildings for a couple years now. With 4500 built in "hackers" on the wired network I cant' imagine what locking down the wireless will help with unless someone can reach it in the parking lot.

thanks for any help


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
George Stefanick Fri, 05/28/2010 - 16:09


It all comes down to what security you want to deploy. I assume you mean WEP with 128? Security also means management.

Are the wireless devices owned by your school or are they guest devices?

How secure do you want to go? Have you considered EAP?

You could deploy a suplicant on each device to roll out your deployment ...

william.hostetler Fri, 05/28/2010 - 17:09

We own the laptops. I would rather no one could get in at all. Is there a way to push out some kind of key with group policy? I would also like ldap authentication so they have to use our network username and password etc.


Gary (my login is william because cisco mucked up somehow my other account)

George Stefanick Fri, 05/28/2010 - 17:38

Do you use windows zero config or a supplicant like Intel? If so push out a policy for PEAP. You can tie the WLAN  to LDAP for authenication.

william.hostetler Fri, 05/28/2010 - 17:44

We try to maintain zero config. Once the laptop is set to our wireless it always connects back to it no matter who uses the laptop. Of course that is with no security on it. Of course I need a step by step to get it done and was hoping somewhere there was a how to.


Leo Laohoo Fri, 05/28/2010 - 17:52

1.  Disable "Broadcast SSID";
2.  Use WPA2/AES so you'll be ready to use 802.11n;
3.  Network Admission Controll (NAC); and


This Discussion