M and MSM Series

Re: "New" wireless setup recommendations needed?

 
Cajuntank MS
Valued Contributor

"New" wireless setup recommendations needed?

I already have an MSM750 mobility controller with about 30 MSM410 access points. Very simple setup with two VSCs defined (one for private use and one for public use). The private VSC is configured with WPA2, a pre-shared key, and not access controlled. The public VSC is defined to a VLAN, open, access controlled, bandwidth restricted, and egresses out to the Internet port which is in my DMZ.

 

I say "new" as I want to start all over with a new 765zl mobility controller. I kinda like the existing simplicity of the two VSC(s) for public and private use, but I know I will need to add for voice in the future and was wondering about the security on the "private" VSC. I have read over the config examples and doing the 802.1X config (compared to the pre-shared key like I have now) seems like a lot of work...and I'm willing to do this (although doing web authentication looks really easy), but wanted some input from anyone that's done this setup.

 

Thanks.

IRO
Advisor

Re: "New" wireless setup recommendations needed?

The controller's part of the 802.1x setup is quite simple. Basically it involves defining a RADIUS profile, and setting the authentication on the VSC. (Maybe setting Called-Station-ID content). All of these are really just a few clicks :)

The server part, though, can be more time-consuming, depending on your server and if you need to assign separate rights to them.

Or you can use AD for direct authentication, I didn't try that.

What we use is AD<->NPS(IAS)<->controller, it was simple to set up.

Cajuntank MS
Valued Contributor

Re: "New" wireless setup recommendations needed?

When you did your NPS part of the config, did you do both wired and wireless? I am just interested for now in implementing this authentication for wireless and don't want it enabled yet for wired.
IRO
Advisor

Re: "New" wireless setup recommendations needed?

Only for wireless. We don't use 802.1x on switchports.

You can set up a policy in NPS for matching only the requests coming from a specific address.

We also don't use access points for passing authentication requests, so only the controllers had to be added as RADIUS clients on the NPS servers. You can set this option per VSC.

 

Cajuntank MS
Valued Contributor

Re: "New" wireless setup recommendations needed?

Thanks for the info, IRO. I was able to spend a few uninterrupted hours configuring this and had most everything working except for my iPads. I would constantly get an EAP error when I tried from an iPad on the NPS server till I added additional EAP authentication methods to my policy profile (don't remember off the top of my head which one I added), but as soon as I added it, my iPad started to be able to authenticate and join the wireless network as well. I was only able to test with a Win7 client and an iPad, so I will be testing some XP SP3 and Android clients hopefully tomorrow just to make sure I have everything I need.

 

Thanks again.