We have WLSE currently set up with around 30x Aironet 1200 APs and 10x 1130 APs. Unfortunately there is no security or encryption. I was wondering what is the best way to provide security. We are a Windows 2003 domain as well.
Wireless Security is a very complex issue (as you have probably discovered). To recommend a "best" way to secure your environment in this forum would be doing you a real disservice :( I have attached some good "getting started" type Security docs and would suggest having a good read of them. You may also want to engage your Cisco partner and Cisco SE to help you plan and implement this most important function of Wireless.
I would recommend that you set up a lab to set up your security for the wireless and then test it. Once you get the design down for the wireless and have tested it, you may want to have your security department or IT auditors give it a vulnerability test.
We did ours years ago and did such things as switch port MAC address security so nobody could plug in an A/P and get on our network.
We put wireless on a separate VLAN considered to be unsecure.
We installed a soon to be EOL 3030 VPN to provide the AAA/encryption/tunneling and placed the 3030 in a secure computer room. Only after the AAA encrypted session coming in could you get onto the secure backbone vlan.
We installed the VPN encryption software on all PCs to encrypt/de-encrypt the traffic in a VPN tunnel.
We installed MAC filtering on all A/Ps.
Now Cisco has the new ASA5500 series security appliances and it is really much better than the old 3030/3060 VPNs.
See your Cisco Rep, they have come a long way since we put ours in.
Word of caution, watch using inexperienced people updating your network... especially contractors. We took our lab equipment out of the box and accessed a secure network a block away for a very sensitive government facility because they did not reapply their security features and they accepted defaults after an upgrade.
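
An added example, not part of any post in this thread: a Python check of an IOS-style switch configuration for access ports missing the switch port MAC security described above, the kind of setting that disappears when defaults are accepted after an upgrade. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed IOS-style running-config excerpt (sample data, not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 8
 switchport port-security violation protect
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to the list of its stanza lines."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit_port_security(config, max_allowed=1):
    """Return {interface: [findings]} for access ports with weak port security."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # trunks and uplinks are out of scope here
        if "switchport port-security" not in lines:
            findings[name] = ["port-security not enabled"]
            continue
        opts = {"maximum": "1", "violation": "shutdown"}  # IOS defaults, not shown in config
        for line in lines:
            if m := re.fullmatch(r"switchport port-security (maximum|violation) (\w+)", line):
                opts[m.group(1)] = m.group(2)
        issues = []
        if int(opts["maximum"]) > max_allowed:
            issues.append(f"maximum {opts['maximum']} exceeds {max_allowed}")
        if opts["violation"] == "protect":
            issues.append("violation protect drops frames without logging")
        if issues:
            findings[name] = issues
    return findings
```

Running `audit_port_security` against a saved configuration before and after an upgrade shows which edge ports lost their settings.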