05-09-2019 11:32 AM - edited 07-05-2021 10:21 AM
Hello Team,
We currently have a mix of wireless devices, from laptops authenticating using certificates and credentials, to pre-shared key WPA2, to pre-shared WPA2 keys with MAC filtering.
Although, what would be the recommended way (enterprise model) to authenticate, for example, the Cisco 8821? Should we use:
WEP
PSK
EAP-FAST
EAP-TLS
or PEAP-GTC
Thank you in advance.
05-09-2019 05:42 PM
Hi mate,
What I recommend is to have ISE as the authentication server.
If you manage the AD, then integrate ISE with AD.
EAP-TLS using machine authentication is the way I suggest as well for Windows machines.
For mobile (company provided), it would be good to have a user cert installed on it using MDM.
And that user is found in AD, so it is easier to manage.
For both non-company laptops and mobile, you have ways to go with BYOD and/or Guest network.
ISE has good features for redirect and even social media login, so it is easier for your users.
Cheers,
Raffy
05-09-2019 11:40 AM
05-09-2019 11:42 AM
There is a good article by one of the VIP members; have a look for reference:
https://mrncciew.com/2013/03/03/eap-overview/
05-09-2019 12:06 PM - edited 05-09-2019 12:08 PM
I had to go through the same, so EAP-TLS should be the preferred choice from a security point of view. We were deploying certs to our endpoints for VPN purposes, so we are also using the same certs for the WiFi. You have to play with Active Directory PKI and NPS. The exact AP should be very easy to configure (we did Aruba, sorry to mention that here :))
The good thing is this setup should be pretty straightforward and well documented online!
Good luck!
05-09-2019 01:28 PM
05-10-2019 09:45 AM
05-11-2019 02:54 PM
Please refer to the doc WiFi on 8821.