Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

securing wireless

Hello there - Does anybody have any links or pointers that could help me out? What I'm trying to do is make our wireless a little more secure. Currently we are using WPA2 PSK for access to our wireless network mainly for Cisco IP phones (7920) but more folks are starting to connect using laptops and cellular phones/PDA's. I am trying to come up with a plan to possibly keep the current SSID and VLAN the same so that it will not affect the 7920 phones and create a new VLAN and SSID for laptops and other things like smart phones. I have been reading through the documentation and posts here but it has become a little confusing and I cannot find anything that looks like my issue so I need some assistance. Is there any way that we can set it up to make the users login (and check those credential against our AD) before they are allowed onto the network but still keep one SSID up using WPA2 PSK for things like the 7920 phones? I realize that it may not be the most secure but I don't really know how you would install a certificate onto something such as a smart phone or PDA, let alone users that bring in their own laptops but are not added to the domain. Just to give an idea of our environment, we only have 6 AP's, one of which is setup as a WDS for roaming and we also have a Cisco ACS server for authentication. The ACS server gets it's users from our domain controllers and dynamically maps them. If anybody has any ideas or links or suggesstions I am all ears.

5 REPLIES
New Member

Re: securing wireless

You are correct by seperating Voice. Create another SSID & VLAN. Your security level depends on what kind of clients you will service on your WLAN. Obviously not all clients support WPA2, etc. If you want something secure, and your clients support it, go with WPA2/AES + EAP using your existing ACS server w/ Active Directory. If you still need to service less security-enabled devices (PDA, smartphones), you could always create another SSID/VLAN w/ WEP or TKIP, etc. and set up some sort of filters/ACLs so that their traffic cannot reach sensitive areas on your network.

Hall of Fame Super Silver
New Member

Re: securing wireless

Thanks for the response and the links. Would you possibly have any links that show how to set it up without using a WLC? We currently don't have one and I can't see us getting one anytime soon. Thanks for the links, I had not see a couple of them but they have some really good information.

New Member

Re: securing wireless

Thank you for the advice.

Hall of Fame Super Silver

Re: securing wireless

139
Views
10
Helpful
5
Replies
CreatePlease to create content