Kind of new to the more advanced Wireless stuff, and must making sure I'm on the right track. We have the following:
4400 series WLCs w/ 4.1 software
SecureACS 4.0 servers
Unix LDAP servers
Windows 2000 servers running AD
Mix of Windows, Linux, and Mac clients
Given the above list, we'd like to have secure (encrypted + authenticated) wireless access for users. I'm thinking PEAP with the SecureACS servers is the way to go. Does this sound right, and where should I look for configuration documentation?
Don't use self signed certs. I've gotten them to work, but it can be spotty depending on the supplicant. Even on the same PC.
Since you have a PKI infrastructure you should use that. The exception would be if you had a lot of user that are not members of your domain (at least the PCs). In that case you would have to import the root CA cert into the PCs. Given the low cost of commercial certs it we be worth it to loose the hassle factor.
You could also use IAS on the DC's as this is an AD environment. It is a simpler configuration and I find authentication to be faster using IAS. The exception would be if the users access the network are not members of AD. In that case ACS makes more sense. You can add the users to AD, but you would have to purchase a CAL to be legal, whereas ACS wouldn't care.