I'm trying to configure EAP-FAST on one of our controllers to see if it improves our EMR on Dolphin 9900 scanners. Right now, we are running PEAP with a lot of issues where the EMR locks up and it may be due to roaming issues from AP to AP. With our PEAP setup, the scanners have to authenticate all the way to AD each time the client roams from AP to AP. I want to try and configure EAP-FAST to see if it will improves the roaming issues. Reading all the documentation so far, I've gotten that I need to generate a CA cert, apply the cert to the WLC, reboot the WLC or I could enable LSC, apply the CA cert to create an LSC to apply to the clients. What if I already have an older cert configred already on our ACS? Could I reuse the CA cert or would it be better to start from scratch?
Here Presently you are using PEAP as the authetication method. Here PEAP and EAP-FAST Both will use the Certs to Authenticate the User.
No need to download any additional Certs to the Controller. But in the EAP-FAST the AAA Server will push the PAC to the client to encrypt the data.
In the case of PEAP it won't Happen.
Here you mentioned about LSC Certs.. Those are related to the AP Joinig to the Controller.Here If you Configure the LSC On the Contrller it will force the AP To join the Controller Using LSC Cert. Default the AP Will join using the MIC Cert.
For Better understanding on EAP-FAST use the below Link.