I am trying to set up WPA/WPA2 based on the Cisco document where the Radius is pointing to itself as Local Radius server. But when the wireless client is up, it can't connect, and the Windows message about trying to acquire a certificate is in progress. Does that mean WPA needs a certificate?
If yes, then which settings on the AP and also Cisco ACS need to be done to set up WPA?
I really need this urgently; the AP is using WPA and the user is authenticated by ACS servers. Any good document on how to set up the above requirement?
WPA is not really an Auth system, it's an encryption system.
Inside WPA, you need something like PEAP, LEAP, EAP-TLS, MS-CHAPv2, EAP-MD5 ....
If you use PEAP or EAP-TLS, you'll need a certificate or two (PEAP or EAP-TTLS = Server side only, EAP-TLS - Server side AND Client side).
LEAP (if your RADIUS supports it) only needs a username & password.
EAP-FAST (if your RADIUS supports it) would take a while to explain.
MS-CHAPv2 is usually used with Microsoft IAS or RADIUS using a MS Active Directory backend.
EAP-MD5 is usable, but generally not recommended.
If you use WPA-PSK (no RADIUS server needed, just a "passphrase") then you should come up with a nice long, strong password (no complete words, mix caps & lc, toss in some punctuation - like: "Sc03TTm@c" something you can't find in a dictionary, and longer is better; the example I posted is way too short but it's just an example).
Which authentication system are you using with WPA?
Let us know and we can give you some specific tips.
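An added example, not part of the original thread: a small Python audit that applies the WPA-PSK passphrase criteria from the reply above (length, mixed case, punctuation, no complete words) to a candidate passphrase, and derives the key the way WPA/WPA2-Personal does (PBKDF2-HMAC-SHA1 with the SSID as salt). The word list, the 20-character threshold and the function names are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample word list; a real audit would load a full dictionary.
SAMPLE_WORDS = {"password", "wireless", "cisco", "network", "welcome", "office"}
MIN_RECOMMENDED = 20  # assumed policy threshold, not a value from the thread


def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return raw.hex()


def audit_passphrase(passphrase):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not 8 <= len(passphrase) <= 63 or not printable:
        findings.append("invalid: WPA passphrases are 8-63 printable ASCII characters")
    if len(passphrase) < MIN_RECOMMENDED:
        findings.append(f"short: fewer than {MIN_RECOMMENDED} characters")
    if not (re.search(r"[a-z]", passphrase) and re.search(r"[A-Z]", passphrase)):
        findings.append("case: does not mix upper and lower case")
    if not re.search(r"[^A-Za-z0-9]", passphrase):
        findings.append("punctuation: no punctuation characters")
    lowered = passphrase.lower()
    hits = sorted(w for w in SAMPLE_WORDS if w in lowered)
    if hits:
        findings.append("dictionary: contains " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    # The reply's own example passes the character checks but is flagged as short.
    for candidate in ("Sc03TTm@c", "password"):
        print(candidate, "->", audit_passphrase(candidate) or "ok")
    # The SSID is the salt, so the same passphrase yields a different key per SSID.
    print(derive_psk("Sc03TTm@c", "ExampleSSID-A"))
    print(derive_psk("Sc03TTm@c", "ExampleSSID-B"))
```

Because the SSID is only a salt, all of the key's strength comes from the passphrase itself, which is why the length check matters most.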
I had Cisco ACS as the Radius server, and was thinking of totally avoiding the use of certificates, as they are complicated. I just need the user, when associating to the AP, to be authenticated by Cisco ACS Radius with username and password.
From your explanation, it sounds like LEAP is the solution. However, I need this setup to also support non-Cisco wireless clients, I mean any third-party clients which support WPA.