cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
353
Views
0
Helpful
1
Replies

Securing a wireless network with 802.1x + WPA

gratzcollege
Level 1
Level 1

I'm currently in the process of designing a new wireless network and am looking to do both authorization from a RADIUS server (Active Directory) and encryption using WPA. Rather than setting a pre-shared key and distributing it to all the users I would rather have the AP automatically distribute the encryption key after the user has authenticated. Is this possible? If so, which Cisco AP's support this functionality?

1 Reply 1

I don't think you can do that. You might want to think about the following (if you have all Windows clients)

- Use PEAP machine authentication and push out the config (over the wire) via GPO

- Configure a domain controller with PKI (Certificate Services) and machine auto-enrollment. Use EAP-TLS for authentication, and push out the wireless config via GPO

- Use WPA with PSK and push out the config via GPO.

The only problem is that your wireless client config would need to be pushed out over the wire (not wireless) via GPO. This also assumes that your wireless supplicant is Wireless Zero Config (and not the Intel PROset or Cisco Aironet stuff).

I'm afraid you're going to have to touch the machines one way or the other, but you can touch them remotely (via GPO) or touch the manually to configure the wireless settings.

Review Cisco Networking for a $25 gift card