Hey guys - hope everyone's doing well. A client is looking to move away from using static EAP to some better form of security using Cisco ACS. Unfortunately the laptops belong to students so they don't know what cards or OS they 're running but mostly XP & Vista.
What is the safest bet to choose in terms of protocol that would be most widely supported? I just want to use dynamic WEP and authenticate my users to the network using an internal ACS database
WPA2 is still not universally supported by Windows based clients. Although less secure you could opt for WPA with TKIP to ensure max compatibility. If you are using Unified Wireless you can enable support for both WPA and WPA2 and then you pretty much catch everything.
As Patoberli states above don't even bother with WEP and also ensure that if you are using PSK for WPA or WPA2 that you do not use a dictionary word.