Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
947
Views
0
Helpful
2
Replies

Autonomous 2600 AP security options

Go to solution
lcaruso
Level 6
Level 6

‎01-04-2013 09:14 AM - edited ‎07-03-2021 11:17 PM

Hi,

I cannot seem to locate a good document for SAP (standalone AP) security options to authenticate a connecting device at layer2 and/or at layer3. Can anyone point me to one and/or give me a quick rundown as to best practice/what the highest level of security I can use with BYOD such as Tablet devices (Samsung) and/or laptops.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee

‎01-04-2013 09:25 AM

A lot of that depends on what you are wanting to do.

With ISE you can have an open SSID, that takes the user to a portal page where they put in their network credentials, and get a package pushed to them that autoconfigures a profile for a 802.1x network.

If you don't have ISE or some other way to profile a device, you can still do 802.1x but the user will need to manually build the profile.

You could still go with a PSK, and rotate it.

IMHO, WPA2/AES/802.1x is the way to go.  Whether you profile and provision the profile, or make them do it themselves, you still have the highest encryption, and users aren't likely to share their network logins.  And they still have to abide by the domain password policy.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee

‎01-04-2013 09:25 AM

A lot of that depends on what you are wanting to do.

With ISE you can have an open SSID, that takes the user to a portal page where they put in their network credentials, and get a package pushed to them that autoconfigures a profile for a 802.1x network.

If you don't have ISE or some other way to profile a device, you can still do 802.1x but the user will need to manually build the profile.

You could still go with a PSK, and rotate it.

IMHO, WPA2/AES/802.1x is the way to go.  Whether you profile and provision the profile, or make them do it themselves, you still have the highest encryption, and users aren't likely to share their network logins.  And they still have to abide by the domain password policy.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
lcaruso
Level 6
Level 6
In response to Stephen Rodriguez

‎01-04-2013 09:58 AM

Thanks for your comments.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card