I suspect the answer to the question is simply "No", but you guys may know better.
The scenario is as follows:
A wireless infrastructure with Cisco Aironet 1200 access points in over 50 different locations. Each location has a connection back to one central site. There is no wireless coverage between locations, so it's a kind of a hub and spoke topology. The connections back to the central site are Internet based VPN tunnels which are not entirely reliable and may have some latency issues.
The Wireless clients will be installed on Buses. These buses will be moving from location to location. Each time they come within range of an AP they should be automatically authenticated with no manual intervention - this part is pretty straightforward (I think).
The client devices on the Buses must use PEAP authentication; they authenticate to a Windows 2003 server with IAS (RADIUS) and CA services running at the central site.
If the Link to the central site goes down and the IAS server is unavailable, is there any way the clients can authenticate and be given access to the Wireless network?
Re: Wireless / PEAP / Radius / Scenario type question!
I don't think it'll happen, as described.
Even if you made each of the fifty sites a separate subnet and each of the fifty APs a WDS, or used a WLSM to get L2/L3 mobility, or used the LWAP stuff ... everything relies on access to, or through, a central site.
Without access to the central site for handoff information and/or authentication, the system would fail.
If you can swing some sort of redundant connection (maybe a wireless backbone?) then there are a couple approaches.
If you're dealing with a fairly static client base, then you may want to look into using certificates versus PEAP ... it might make the auth process a little more seamless (and it still works with the MS IAS/CA system).
If you engage a commercial CA (like Verisign), then you could do the authentication against the commercial CA from each of the fifty sites via the Internet (eliminates the need for auth access to the central site).
I believe you can also establish a CA hierarchy such that if access to one is blocked, the client can try the next in line.
This is the only way I can think of to get around your "central site" single point of failure.