I have currently setup a 2106 controller with 1100 series AP's the authentication is done via radius and IAS. The certificate is installed on the domain laptops and when I connect wireless it shows up as WPA2 (Peap). As I take it you need the certificate and domain credentials and dial in access to access the network. Is there anything to worry about with this setup or is this strong enough security.
"As I take it you need the certificate and the domain credentials.........."
Actually this is incorrect and easy to misunderstand. Authentication with PEAP only requires a Server side certificate. It does not require that a supplicant (Laptop/ipad etc) have a certficate to connect.
All the certificate is there for is so that the supplicant does not connect to a rogue AP. If the supplicant does not wish to validate the Server certificate, it WILL be able to connect with just domain user id and password. The only protection you have from allowing someone to connect to your network using PEAP is whatever form of Radius you are using in this case. Server side certificates DO NOT protect access. An easy test is to use your iphone to connect and deselect "validate" certificate and just enter your user id and password and you will connect.