I am using a Cisco wireless controller 2500 and a few APs (3501).
I used VLAN to pipe the APs across the switches into the WLC and set up Windows 2008 NPS with the AD server certificate (issued by the AD CA) installed.
1. With an office notebook PC on the AD domain, I set up WLANs with Layer 2 [WPA2][802.1x] to authenticate the computer account to the NPS server as well as verify the AD server certificate.
Can someone comment on whether this setting is GOOD enough for user authentication and data encryption?
2. When I set up the guest WLAN, I use [WPA2][802.1x] to authenticate "guest user" accounts (info passed to the guest with 1 day expiration) to NPS, but the problem is that Windows on the guest laptop did not trust my AD server certificate. I am thinking of installing on the NPS a server certificate purchased from a public CA.
Can someone comment on whether this is secure? As I thought everyone around the office area could use their laptop to guess the user/pswd and try to connect to the Guest SSID.
3. I also checked the forum about using Layer 3 security only, "Web authentication", against the NPS guest account, but there seems to be no encryption at all, and what about the authentication - plain text?
4. I want to connect some APs directly to WLC port 3 or port 4, which are PoE, but how do I configure the WLC so that all WLANs or virtual interfaces can be broadcast on all APs?
Please help. Thanks,