Folks, greetings.
We are about to go for a VoWLAN deployment and we are having a hard time deciding on what security to set on the wlan, and the authentication server.
There are so many options: EAP/PEAP, EAP/LEAP, EAP/TLS, ACS, FreeRadius, NPS. Not to mention the PKI infrastructure. AD, LDAP, ....
We are digging the documentation, but it seems that there is not a common sense on what is the best balance between security, performance, manageability. We have also read that 802.1x causes problems during the roaming of the phones. Is that true? Any trick to avoid that?
What is the easiest way to deploy security on this sort of environment without having an administrative nightmare and communications or performance issues?
Can we go for Local EAP set on WLC and having only one user certificate to be rolled out on all the 7925G phones? Is it possible or is it mandatory to have as many user certificates as phone devices?
How about using the MIC preloaded on the phones; any hint on that?
I have read that WPA2/PSK/TKIP is the recommended, but I don't think the customer will want to go over all the 7925Gs to change the psk in the case of a psk leakage.
Of course we will go for a lab prior to the implementation.
Versions involved:
WLC 7.5.102 (it will be upgraded)
7925G 1.4.5.3
Any help will be highly appreciated.
Regards,
FPJ