https://community.cisco.com/t5/wireless/getting-started-peap-w-secureacs/m-p/838366#M144625 <P>Kind of new to the more advanced Wireless stuff, and must making sure I'm on the right track. We have the following:</P><P></P><P>4400 series WLCs w/ 4.1 software</P><P>1242 APs</P><P>SecureACS 4.0 servers</P><P>Unix LDAP servers</P><P>Windows 2000 servers running AD</P><P>Mix of Windows, Linux, and Mac clients</P><P></P><P>Given the above list, we'd like to have secure (encrypted + authenticated) wireless access for users. I'm thinking PEAP with the SecureACS servers is the way to go. Does this sound right, and where should I look for configuration documentation?</P><P></P> Sat, 03 Jul 2021 22:08:18 GMT johnnylingo 2021-07-03T22:08:18Z https://community.cisco.com/t5/wireless/getting-started-peap-w-secureacs/m-p/838366#M144625 <P>Kind of new to the more advanced Wireless stuff, and must making sure I'm on the right track. We have the following:</P><P></P><P>4400 series WLCs w/ 4.1 software</P><P>1242 APs</P><P>SecureACS 4.0 servers</P><P>Unix LDAP servers</P><P>Windows 2000 servers running AD</P><P>Mix of Windows, Linux, and Mac clients</P><P></P><P>Given the above list, we'd like to have secure (encrypted + authenticated) wireless access for users. I'm thinking PEAP with the SecureACS servers is the way to go. Does this sound right, and where should I look for configuration documentation?</P><P></P> Sat, 03 Jul 2021 22:08:18 GMT https://community.cisco.com/t5/wireless/getting-started-peap-w-secureacs/m-p/838366#M144625 johnnylingo 2021-07-03T22:08:18Z https://community.cisco.com/t5/wireless/getting-started-peap-w-secureacs/m-p/838367#M144626 <HTML><HEAD></HEAD><BODY><P>PEAP would work fine with that setup. Here's a link to the doc on setting up the controllers and ACS to use PEAP.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00807917aa.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00807917aa.shtml</A></P><P></P><P></P></BODY></HTML> Tue, 01 Jan 2008 14:17:14 GMT https://community.cisco.com/t5/wireless/getting-started-peap-w-secureacs/m-p/838367#M144626 dancampb 2008-01-01T14:17:14Z https://community.cisco.com/t5/wireless/getting-started-peap-w-secureacs/m-p/838368#M144627 <HTML><HEAD></HEAD><BODY><P>Good Stuff. Thanks for the link.</P><P></P><P>What I'm curious about is the CA setup. If we already have a CA, can't we just generate, sign, and install a cert for each ACS server and then be good to go? </P><P></P><P>Or, could we even use self-signed certs, assuming that the PEAP client allows it?</P><P></P></BODY></HTML> Sat, 05 Jan 2008 08:29:54 GMT https://community.cisco.com/t5/wireless/getting-started-peap-w-secureacs/m-p/838368#M144627 johnnylingo 2008-01-05T08:29:54Z https://community.cisco.com/t5/wireless/getting-started-peap-w-secureacs/m-p/838369#M144628 <HTML><HEAD></HEAD><BODY><P>Don't use self signed certs. I've gotten them to work, but it can be spotty depending on the supplicant. Even on the same PC.</P><P></P><P>Since you have a PKI infrastructure you should use that. The exception would be if you had a lot of user that are not members of your domain (at least the PCs). In that case you would have to import the root CA cert into the PCs. Given the low cost of commercial certs it we be worth it to loose the hassle factor.</P><P></P><P>You could also use IAS on the DC's as this is an AD environment. It is a simpler configuration and I find authentication to be faster using IAS. The exception would be if the users access the network are not members of AD. In that case ACS makes more sense. You can add the users to AD, but you would have to purchase a CAL to be legal, whereas ACS wouldn't care. </P><P></P></BODY></HTML> Wed, 09 Jan 2008 23:21:15 GMT https://community.cisco.com/t5/wireless/getting-started-peap-w-secureacs/m-p/838369#M144628 SHANNON WYATT 2008-01-09T23:21:15Z