12-24-2007 01:40 AM - edited 07-03-2021 03:08 PM
Kind of new to the more advanced Wireless stuff, and must making sure I'm on the right track. We have the following:
4400 series WLCs w/ 4.1 software
1242 APs
SecureACS 4.0 servers
Unix LDAP servers
Windows 2000 servers running AD
Mix of Windows, Linux, and Mac clients
Given the above list, we'd like to have secure (encrypted + authenticated) wireless access for users. I'm thinking PEAP with the SecureACS servers is the way to go. Does this sound right, and where should I look for configuration documentation?
01-01-2008 06:17 AM
PEAP would work fine with that setup. Here's a link to the doc on setting up the controllers and ACS to use PEAP.
01-05-2008 12:29 AM
Good Stuff. Thanks for the link.
What I'm curious about is the CA setup. If we already have a CA, can't we just generate, sign, and install a cert for each ACS server and then be good to go?
Or, could we even use self-signed certs, assuming that the PEAP client allows it?
01-09-2008 03:21 PM
Don't use self signed certs. I've gotten them to work, but it can be spotty depending on the supplicant. Even on the same PC.
Since you have a PKI infrastructure you should use that. The exception would be if you had a lot of user that are not members of your domain (at least the PCs). In that case you would have to import the root CA cert into the PCs. Given the low cost of commercial certs it we be worth it to loose the hassle factor.
You could also use IAS on the DC's as this is an AD environment. It is a simpler configuration and I find authentication to be faster using IAS. The exception would be if the users access the network are not members of AD. In that case ACS makes more sense. You can add the users to AD, but you would have to purchase a CAL to be legal, whereas ACS wouldn't care.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: