Hello there - Does anybody have any links or pointers that could help me out? What I'm trying to do is make our wireless a little more secure. Currently we are using WPA2 PSK for access to our wireless network mainly for Cisco IP phones (7920) but more folks are starting to connect using laptops and cellular phones/PDA's. I am trying to come up with a plan to possibly keep the current SSID and VLAN the same so that it will not affect the 7920 phones and create a new VLAN and SSID for laptops and other things like smart phones. I have been reading through the documentation and posts here but it has become a little confusing and I cannot find anything that looks like my issue so I need some assistance. Is there any way that we can set it up to make the users login (and check those credential against our AD) before they are allowed onto the network but still keep one SSID up using WPA2 PSK for things like the 7920 phones? I realize that it may not be the most secure but I don't really know how you would install a certificate onto something such as a smart phone or PDA, let alone users that bring in their own laptops but are not added to the domain. Just to give an idea of our environment, we only have 6 AP's, one of which is setup as a WDS for roaming and we also have a Cisco ACS server for authentication. The ACS server gets it's users from our domain controllers and dynamically maps them. If anybody has any ideas or links or suggesstions I am all ears.
You are correct by seperating Voice. Create another SSID & VLAN. Your security level depends on what kind of clients you will service on your WLAN. Obviously not all clients support WPA2, etc. If you want something secure, and your clients support it, go with WPA2/AES + EAP using your existing ACS server w/ Active Directory. If you still need to service less security-enabled devices (PDA, smartphones), you could always create another SSID/VLAN w/ WEP or TKIP, etc. and set up some sort of filters/ACLs so that their traffic cannot reach sensitive areas on your network.
Thanks for the response and the links. Would you possibly have any links that show how to set it up without using a WLC? We currently don't have one and I can't see us getting one anytime soon. Thanks for the links, I had not see a couple of them but they have some really good information.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...