09-05-2014 06:01 AM - edited 07-05-2021 01:29 AM
Folks, greetings.
We are about to go for a VoWLAN deployment and we are having a hard time deciding on what security to set on the wlan, and the authentication server.
There are so many options: EAP/PEAP, EAP/LEAP, EAP/TLS, ACS, FreeRadius, NPS. Not to mention the PKI infrastructure. AD, LDAP, ....
We are digging the documentation, but it seems that there is not a common sense on what is the best balance between security, performance, manageability. We have also read that 802.1x causes problems during the roaming of the phones. Is that true? Any trick to avoid that?
What is the easiest way to deploy security on this sort of environment without having an administrative nightmare and communications or performance issues?
Can we go for Local EAP set on WLC and having only one user certificate to be rolled out on all the 7925G phones? Is it possible or is it mandatory to have as many users certificates as phone devices?
How about using the MIC preloaded on the phones; any hint on that?
I have read that WPA2/PSK/TKIP is the recommended, but I don't think the customer will want to go over all the 7925Gs to change the psk in the case of a psk leakage.
Of course we will go for a lab prior to the implementation.
Versions involved:
WLC 7.5.102 (it will be upgraded)
7925G 1.4.5.3
Any help will be highly appreciated.
Regards,
FPJ
09-06-2014 01:41 PM
Hi FPJ,
Here is the latest 7925G deployment guide which should be followed for any directions.
If you are using EAP, then PEAP is the less administrative (no client certs) & provides enough security as well. Local EAP on WLC may not be scalable/flexible as WLC won't act as full RADIUS server.
You have to configure CCKM to get a faster roaming experience (i.e. 802.1X + CCKM as L2 AKM suite). Below should give you an idea of how roaming works in WiFi:
http://mrncciew.com/2014/09/02/cwsp-802-11-roaming-basics/
HTH
Rasika
**** Pls rate all useful responses ****