Really getting started

Answered Question
Nov 23rd, 2010

Hi all.  I've inherited a large wireless network and may need to take it all back to the drawing board.

I have two 5508 wireless controllers, an ACS, and about 40 LWAPs.

I have to support iPhone, iPad, iPod touch, and Android OS as well as Mac & PC.


There are two wireless LANs presently. One is "internet only" which utilizes ACLs on the core routers that only allow the traffic out to the Internet.

This works fine and we don't see a reason to change it.

However, the internal access LAN needs a major overhaul.

We're using an open network that utilizes web auth that reaches out to the ACS for authentication.

This doesn't work for the mobile devices, but works fine for the PCs and Macs.


Here's the question.  Where do I start?  Certificates left a bad taste in the mouths of I/T before because they had to be locally managed, and when they expired, the wireless user was offline until they could get to the helpdesk.

Any ideas on how to get mobile devices to securely access the network (and authenticate) using a new WLAN?

Each user must authenticate using their own network credentials.


Thanks!


Ven

Overall Rating: 5 (2 ratings)
Correct Answer
Stephen Rodriguez Tue, 11/23/2010 - 16:23

Best bet would be to use PEAP.  This only requires a server-side certificate.  It is also a standard for EAP, so all supplicants support this, including Android.

There is no user cert required, but you could push one via GPO if you wanted to mutually verify the server's cert.

Support should be in all OS, MSFT, Mac, Android, Linux etc.
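The client side of the PEAP setup suggested in the answer above, as an added example that is not part of the original thread: a wpa_supplicant network block for a Linux client, with the unvalidated form shown beside one that verifies the server certificate. The SSID, user name, CA path, server name and the MSCHAPv2 inner method are assumptions chosen for illustration.

```conf
# wpa_supplicant.conf (constructed example; all values below are placeholders)

# Weak form, shown commented out for comparison only.
# No ca_cert is set, so the client accepts whatever certificate the
# RADIUS server presents and runs the inner password exchange with it.
#
# network={
#     ssid="CORP-INTERNAL"
#     key_mgmt=WPA-EAP
#     eap=PEAP
#     identity="jdoe"
#     password="placeholder-password"
#     phase2="auth=MSCHAPV2"
# }

# Hardened form: same per-user credentials, plus server validation.
network={
    ssid="CORP-INTERNAL"            # assumed SSID of the new internal WLAN
    key_mgmt=WPA-EAP                # 802.1X/EAP instead of open + web auth
    eap=PEAP                        # only the server needs a certificate

    # Outer identity sent before the TLS tunnel is up; keeps the real
    # user name out of the clear-text EAP-Response/Identity.
    anonymous_identity="anonymous"

    # Inner credentials: the user's own network account.
    identity="jdoe"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"          # assumed inner method

    # Trust anchor for the RADIUS server certificate. This is the CA
    # certificate that would be distributed to clients ahead of time.
    ca_cert="/etc/ssl/certs/example-corp-root-ca.pem"

    # Accept only a server certificate issued for this name, so another
    # certificate from the same CA is not enough.
    domain_suffix_match="radius.example.com"
}
```

Only the CA certificate is installed on clients in this layout, so renewing the server certificate under the same CA does not require touching each device.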

Correct Answer
Nicolas Darchis (Cisco Employee) Tue, 11/30/2010 - 09:40

Group Policy Object, it means "pushed by Active Directory to the AD clients". It's on the Microsoft side.


Nicolas
