Bronze

Really getting started

Hi all.  I've inherited a large wireless network and may need to take it all back to the drawing board.

I have two 5508 wireless controllers, an ACS, and about 40 LWAPs.

I have to support iPhone, iPad, iPod touch, and Android OS as well as Mac & PC.

There are two wireless LANs presently. One is "internet only" which utilizes ACLs on the core routers that only allow the traffic out to the Internet.

This works fine and we don't see a reason to change it.

However, the internal access LAN needs a major overhaul.

We're using an open network that utilizes web auth that reaches out to the ACS for authentication.

This doesn't work for the mobile devices, but works fine for the PCs and Macs.

Here's the question.  Where do I start?  Certificates left a bad taste in the mouths of I/T before because they had to be locally managed, and when they expired, the wireless user was offline until they could get to the helpdesk.

Any ideas on how to get mobile devices to securely access the network (and authenticate) using a new WLAN?

Each user must authenticate using their own network credentials.

Thanks!

Ven

Ven Taylor

3 REPLIES

Re: Really getting started

Best bet would be to use PEAP. This only requires a server-side certificate. It is also a standard for EAP, so all supplicants support this, including Android.

There is no user cert required, but you could push one via GPO if you wanted to mutually verify the server's cert.

Support should be in all OS, MSFT, Mac, Android, Linux etc.

HTH, Steve
Bronze

Re: Really getting started

What's GPO?

Ven Taylor
Cisco Employee

Re: Really getting started

Group Policy Object, it means "pushed by Active Directory to the AD clients". It's on the Microsoft side.

Nicolas
