I recently purchased a Cisco 526 Express Mobility Controller and 5 521 AP.
I would like to set this all up using radius and would like to know a good way to implement with security in mind.
I am having issues with getting the controller to only allow domain user to access the AP's. For some reasaon though i am still able to gain access without any formal windows credentials only supply the PSK.
If you have Cisco ACS server I suggest the best way would be implement EAP-Fast. This doesn't involve the manual task of creating certificates but yet provides a reasonable security to encrypt the packets. Refer URL