04-26-2010 01:24 PM - edited 07-03-2021 06:45 PM
Hello all,
Sorry if this seems stupid to any of you. Try not to flame me. I have been using WPA2 with pre-shared keys in my "small" network environment, but I am getting tired of manually retyping keys to everyone when someone leaves the company, plus we are starting to grow at a fairly rapid clip.
I would like to implement WPA2 Enterprise but not sure where to start. I was looking for some how-to's on Cisco's site but thought this might be a good place to start.
Our environment is a mix of Linux & Windows, LDAP & AD, using Linksys WAP200's and Cisco switches.
Are there any docs for setting up WPA2 Enterprise that any of you use? Any suggestions are appreciated.
Thanks,
04-26-2010 02:47 PM
Where do you want to configure this? Client? APs?
It's best if you hook the WPA2 to your TACACS or RADIUS login account.
04-27-2010 11:54 AM
I was assuming at the access point. I only have a couple of them. Should I be doing it at the user device level?
04-26-2010 03:31 PM
Hi, from your post I don't see that you've a PKI and use certificates in your network yet.
It will depend on the EAP type that you plan to use whether you need to roll out server and client certificates, and for that you'll need a certificate authority.
So I think that is the big blocking point in most networks, to have a PKI to auto-enroll certificates, as no one wants to do it manually for a high number of clients; the config of the APs/AD/IAS isn't the big deal.
Haven't found a better resource/link --> http://www.cs.umd.edu/~mvanopst/8021x/howto/
....so just replace WEP with WPA2 and the rest is about the same.
As I'm not an MS server or PKI expert I hope some other members could back up my opinion.
Kind regards,
Ron
04-27-2010 11:55 AM
That is a very good link. Thank you for that.
04-27-2010 02:06 PM
I set up my WAP to talk to IAS. The link above was pretty close (I had to adjust for W2K3) but I got through it.
It works!
The only oddity is that if I tell the laptop to not validate the certificate it works fine. If I create and download a cert it does not work. Odd.
I will try to figure that part out. Thanks again all.