We have two Cisco 2602i devices installed in our network, and around 90+ users are simultaneously connected over the network. In order to tighten the network against loopholes, we need to configure some features on these standalone devices.
1. Configure WPA-Enterprise with TKIP / AES
2. Disable WPS
3. MAC Address filtering so that no mobile device is connected over the network for security reasons.
What is the best method to achieve all three points in order to avoid WEP encryption, password cracking, traffic interception and MAC filtering bypass?
We also have ACS 5.4 but are not very well versed with it.
The suggested link only shows WPA2 configuration. What if WPA-Enterprise is required to be configured, and how can we do so? There is no WPA-Enterprise option in the 2602i.
WPA2-Enterprise means you use a RADIUS server and 802.1X/EAP for wireless connectivity. The referenced post uses ACS 5.2 as RADIUS and PEAP as the EAP method for wireless client authentication.
WPA2-PSK is without a RADIUS server; you configure a pre-shared key (PSK), which is not ideal for an enterprise as everyone has to use the same PSK.
I don't have a TLS certificate, can it be bypassed?
You have to have a certificate on the server side for PEAP. Both server and client certs are required for TLS. EAP-FAST is not certificate based, but it is not that secure.
We have to manually create all users; can we bind users with MAC address?
You can create users locally on the RADIUS server, or you can configure the RADIUS server to query Active Directory (AD). If you want to use the MAC address as username/password, then you need to configure ACS for host authentication, and the MAC address list still has to be populated.
Don't we need to add the AP IP address in ACS?
In the given post, I have used the "Default Network Device" option, which allows any device configured with that shared secret to communicate with ACS.
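An added example, not part of the original thread or the referenced post: a minimal autonomous-AP IOS configuration for WPA2-Enterprise (802.1X/EAP against a RADIUS server such as ACS) with AES-CCMP only. The SSID name `CORP-WLAN`, the list and group names, the server address `192.0.2.10` and the shared-secret placeholder are assumptions.

```cisco
! Added example. All names, addresses and the secret are placeholders.
aaa new-model
!
! RADIUS server (ACS). The shared secret must match the one configured
! for this AP (or for "Default Network Device") on the ACS side.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
! Method list the SSID refers to for EAP authentication
aaa authentication login eap_methods group rad_eap
!
dot11 ssid CORP-WLAN
 ! 802.1X/EAP instead of a pre-shared key
 authentication open eap eap_methods
 ! "version 2" restricts key management to WPA2
 authentication key-management wpa version 2
!
interface Dot11Radio0
 ! AES-CCMP only; "aes-ccm tkip" would enable mixed mode with TKIP
 encryption mode ciphers aes-ccm
 ssid CORP-WLAN
 no shutdown
!
interface Dot11Radio1
 encryption mode ciphers aes-ccm
 ssid CORP-WLAN
 no shutdown
```

Defining each AP as its own network device in ACS with a unique shared secret, rather than relying on "Default Network Device", limits which devices can send authentication requests to the server.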