Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Security Mode Recommendation

We have setting up a brand new WLAN. We have purchased 1131AG AP's and 4202 a Wireless LAN Controller. What is the latest and the greatest Security Mode these days or the top 3? i.e WPA2(802.1x)?

We basically want our staff to be able to roam around the office and use their laptops to access their email, files, Internet...

We also have a Microsoft IAS server to serve as the RADIUS server.


New Member

Re: Security Mode Recommendation

WPA2 using AES for Encryption and EAP-TLS is IMHO the top of the line wireless security. The only thing is, it requires a certificate on both the client and the server. PEAP can do this as well, as long as the root CA certificate is already in place on the clients.

That being said, I've seen a lot more people using PEAP and a 3rd party cert (Verisign/Thawte) lately. Most Windows machines now have the latest Thawte/Verisign Root Certs installed.

Note: There is an issue with PEAP and Windows XP that requires a patch being loaded. KB885453 is the one I believe.