Hi all. I've inherited a large wireless network and may need to take it all back to the drawing board.
I have two 5508 wireless controllers, an ACS, and about 40 LWAPs.
I have to support iPhone, iPad, iPod touch, and Android OS as well as Mac & PC.
There are two wireless LANs presently. One is "internet only" which utilizes ACLs on the core routers that only allow the traffic out to the Internet.
This works fine and we don't see a reason to change it.
However, the internal access LAN needs a major overhaul.
We're using an open network that utilizes web auth that reaches out to the ACS for authentication.
This doesn't work for the mobile devices, but works fine for the PCs and Macs.
Here's the question. Where do I start? Certificates left a bad taste in the mouths of I/T before because they had to be locally managed, and when they expired, the wireless user was offline until they could get to the helpdesk.
Any ideas on how to get mobile devices to securely access the network (and authenticate) using a new WLAN?
Each user must authenticate using their own network credentials.
Group Policy Object: it means "pushed by Active Directory to the AD clients". It's on the Microsoft side.
Best bet would be to use PEAP. This only requires a server-side certificate. It is also a standard for EAP, so all supplicants support this, including Android.
There is no user cert required, but you could push one via GPO if you wanted to mutually verify the server's cert.
Support should be in all OSes: MSFT, Mac, Android, Linux, etc.