Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
448
Views
0
Helpful
4
Replies

Cisco ACS and AD ? auth and encryption?

jorge.s
Level 1
Level 1

‎04-19-2006 02:11 AM - edited ‎07-04-2021 11:57 AM

Hi,

we have implemented a Cisco ACS, and have a Microsoft Active Directory implementation.

I would like to know what is the best security method to use for authentication and encryption

without the need to buy any Certificate or client software?

We would like to use the standard Microsoft Windows XP features, without installing any WLAN Clients.

Thanks

Jorge Sousa

Labels:
0 Helpful
4 Replies 4

pradeepde
Level 5
Level 5

‎04-25-2006 07:21 AM

There are so many flexible 802.1X authentication type support, including Extensible Authentication Protocol Transport Layer Security (EAP-TLS), Protected EAP (PEAP), Cisco LEAP, EAP-Flexible Authentication via Secure Tunneling (EAP-FAST), and EAP-Message Digest Algorithm 5 (EAP-MD5).

Certificate is just an additional level of security. It is not the only level of security available. So, I believe all the above methods can provide authentication without requiring any additional level of certficate.

0 Helpful

andrew.brazier
Level 4
Level 4

‎05-03-2006 07:56 AM

You can use MS Cert Services to generate an SSL cert for the clients and the ACS box to use. The best bit is that you can use Group Policies to deploy the cert and the WLAN SSID settings to the clients but this will only work if you use the built-in XP client (SP2 is a must) and PEAP security. Cisco do a pretty good how to:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

0 Helpful

wbrowne
Level 1
Level 1
In response to andrew.brazier

‎05-04-2006 11:20 AM

The only thing about going that route is if you have a large deplyment and you are not using Enterprise edition 2k3 you will not be able to create templates for autoenrollment.

It's not that bad if you only have a handful of people, but if you have a large deployment you may want to either move to Enterprise or plan a new route of attack.

0 Helpful

jcornford
Level 1
Level 1

‎05-09-2006 04:25 AM

Your main constrainer, is that you want to use XP Zero. In order for this to work "properly" (I've deployed it some places improperly against my recommendations), you NEED certificates. "wbrowne" is correct, and you'll need 2003 Enterprise server to make the certifcate deployment managable. I'd aim to use PEAP(EAP-TLS) with machine authentication if I were you, and run WPA2/AES on the radio if all your client device adapters will handle it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card