I'm not sure how to even ask the right question here but if anyone has some pointers on how I can understand the configuration below or any simple concepts or explanations I would really appreciate it, many thanks.
As a novice, the settings below just say to me that our system uses WPA2 security, 802.1x, PEAP MSCHAPV2 security, EAP-FAST, but how do all the various methods fit together? I doubt there is a simple explanation, but anything would help.
Many thanks for getting back to me. What is WPA2 there for if 802.1x is being used? This is probably a really stupid question but I am brand new to all this so apologies.
WPA2 with a pre-shared key is known as WPA-Personal, and WPA2 with 802.1x is known as WPA-Enterprise.
The encryption layer is WPA2. The encryption keys are derived from the PSK or from the 802.1x protocol.
WPA2 is a standard that can be used for PSK or dot1x; this is why we select it on the WLC. If your environment uses EAP-TLS, as an example, on the ISE side you don't need to enable any allowed protocols but EAP-TLS. However, if you use EAP-PEAP, then you only need EAP-PEAP to be enabled, and depending on what inner protocol you will be using with EAP-PEAP, whether MSCHAPv2 or EAP-TLS, you enable that accordingly. In other words, it all depends on your deployment. If you want to be very specific, which is good practice, then you just enable what you need along the whole authentication path.
As Aref mentioned, keep in mind the inner protocol, because that defines how your deployment would be, since EAP-TLS is certificate-based and MSCHAPV2 uses Active Directory credentials. The EAP-TLS certificate can be signed by a public certificate authority or by using your own PKI infrastructure.
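To show how the layers described above stack on the client side, here is an added wpa_supplicant configuration that is not from this thread or from Cisco; the SSID, identity, file paths and RADIUS server name are placeholder values, and the second network block is the EAP-TLS variant so the two can be compared line by line.

```conf
# Layer 1: WPA2 = RSN with CCMP (AES) for the over-the-air encryption.
# Layer 2: key_mgmt=WPA-EAP = 802.1x; the session keys come from EAP, not a PSK.
# Layer 3: eap=PEAP = outer TLS tunnel to the RADIUS server (ISE).
# Layer 4: phase2 = inner method carried inside that tunnel (MSCHAPv2 with AD creds).
network={
    ssid="CORP-WIFI"                  # placeholder SSID
    proto=RSN                         # RSN is the WPA2 protocol selection
    pairwise=CCMP
    group=CCMP
    key_mgmt=WPA-EAP                  # 802.1x instead of WPA-PSK
    eap=PEAP                          # outer EAP method
    identity="alice@example.com"      # placeholder AD user
    password="placeholder-password"   # inner MSCHAPv2 credential
    phase2="auth=MSCHAPV2"            # inner method inside the PEAP tunnel
    # Server validation: without these two lines the supplicant will happily
    # complete MSCHAPv2 against any AP that presents a TLS certificate.
    ca_cert="/etc/ssl/certs/corp-root-ca.pem"   # placeholder CA path
    domain_suffix_match="ise.example.com"       # placeholder RADIUS server name
}

# Same WPA2 + 802.1x layers, but EAP-TLS: the client certificate replaces
# the username/password, so there is no inner method and no phase2 line.
network={
    ssid="CORP-WIFI"
    proto=RSN
    pairwise=CCMP
    group=CCMP
    key_mgmt=WPA-EAP
    eap=TLS
    identity="alice@example.com"
    client_cert="/etc/wpa_supplicant/alice.crt"    # placeholder, issued by your PKI
    private_key="/etc/wpa_supplicant/alice.key"    # placeholder
    ca_cert="/etc/ssl/certs/corp-root-ca.pem"
    domain_suffix_match="ise.example.com"
}
```

Read top to bottom, each block answers the original question: WPA2 is the cipher layer, WPA-EAP is the 802.1x key management, and eap/phase2 are the outer and inner EAP methods that ISE must have enabled in its allowed-protocols list.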