We have about 20 Cisco wireless LAN controllers in our environment, placed in different locations.
Today we broadcast two SSIDs, one with web-auth and one with WPA + WPA2 + 802.1X.
This is an OK solution, but we are now looking for a way to improve the security.
The perfect solution would be that we could install a certificate when we install the user computers, and that this was used to authenticate the user to the wireless network. We should also be able to distribute the certificate with a GPO setting or something like that as well, for old computers that won't be reinstalled for a while.
We also have to log all traffic with the user's username, but I hope that it is enough that the user is in the domain and doesn't have to authenticate with credentials again when connecting to the wireless network (we use ISA Server for logging).
Does anyone have an idea on how we can solve this?
Thanks in advance :)