Configure Cisco Aironet 1130AG with Windows Server 2008 RADIUS

I've been reading up on W2k8 NPS RADIUS and WPA2 for a little over a week now (here on EE and around the web) and still have found almost nothing useful for what I am trying to do which I believe is theoretically possible. I would like users/computers from AD to be automatically granted access without having to install a certificate on each machine (which judging from what I’ve read is possible). Also non windows devices such as Apple computers, BlackBerry cell phones, etc, will need to be able to still connect. Should the non windows domain devices be configured to somehow authenticate on the RADIUS side? Or is it possible/makes more sense to still have some sort of key so that the other devices can simply use the key to authenticate? Also what is the best authentication method for doing so? w2k8 NPS
cisco aironet 1130AG
ZachToubaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nappy_dThere are a 1000 ways to skin the technology cat.Commented:
So, here are the steps you need to accomplish:

1. You needs to configure RADIUS on your 2008 box or some other device
2. You don't need to configure a certificate but it is a better option
2a. If you want to go the certificate route, you will need to setup a CA on one of your servers
3. So now you need to configure your 1130AG. If the unit came pre-configured to work with Lan Controllers, you will first need to downgrade to autonomous mode.

So let me know where you want to start if you have any of these steps already configured.  
0
ZachToubaAuthor Commented:
1. I have already installed NPS on my w2k8 box (as shown in ss1). I added my Aironet 1130AG as a RADIUS client under "RADIUS Clients and Servers" and generated a "shared secret".
2. I created a Network Policy within the Network Policies folder, with conditions:
     NAS Port Type: Wireless Other OR Wireless IEEE 802.11
     Windows Groups: mydomain\Domain Computers OR mydomain\Domain Users
3. On the cisco 1130AG I've selected WPA, entered the IP of the w2k8 RADIUS server, and entered the shared secret.

So I believe I have the very basic framework there, I just need a greater understanding of which type of authentication and encryption I should setup. Also what is the "standard" or typical setup for a small business that wants to switch to WPA / WPA2 in terms of using a certificate setup.
0
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
The choice to use WPA or WPA2 encryption depends on what your devices support. If everything can support WPA2 go with WPA2.
0
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

ZachToubaAuthor Commented:
It can, and it's currently set to WPA2 (as shown in ss2) I'm just not sure which type of EAP/PEAP authentication and encryption is best and how it would be configured.
0
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
Peap is what I have configured.
0
ZachToubaAuthor Commented:
Could you please elaborate. There's many different configurations of PEAP. Once you selected PEAP did you then use "MSCHAPv2" or "Smart card or certificate" for the peap auth method (within PEAP)? Did you leave MSCHAP v1 still enabled? Did you disable MSCHAP v1 + v2 both and force certificate use?
0
nappy_dThere are a 1000 ways to skin the technology cat.Commented:
I use:
- PEAP
- EAP-MSCHAP-v2
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.