WPA2 enterprise security, no authentication security type in WiFi profile
We currently have a Cisco environment in which we use radius, WPA2 enterprise, AES encryption using PEAP to authenticate using our AD credentials.
We've noticed that we can configure our windows 7 client users to connect to the network in 2 ways. One way is to define all of the WAP2 settings for authentication. However, we can also connect to the wireless network if we set up our clients with the wifi profile using "no authentication (open)".
My question is, does the authentication process auto negotiate using encryption when we set them to "no authentication"? Is there a real big downfall for configuring the clients this way?
If you have in fact configured the SSID for WPA2 w/ AES-CCMP L2 encryption using 802.1x key management, then there is absolutely no way your client is connecting to "that" WLAN with explicitly defining NO Open L2 Authentication. There would have to be another AP out there that is broadcasting this same SSID with no authentication configured.
Generally, if you don't "explicitly" configure the client, it will "negotiate", however the client often may not trust the server-side certificate presented, or may be trying to deliver a certificate (smartcard or other certificate) rather than using a defined PEAP configuration. If you do "explicitly" configure NO Authentication, then there is no way this client would connect to a WPA2/AES encrypted WLAN.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...