Solved

Cisco Wireless Controller 802.1x authentication

Posted on 2013-11-08
Last Modified: 2013-12-06
Hello,

We are looking at options for authenticating multiple platforms (Win, Mac, iOS, Android) on our Wireless network in the most seamless/transparent way.

Our network consists of:

5508 Wireless controllers
Cisco PRIME
Cisco ACS for RADIUS.

Ideally we would like to be able to connect to the wireless network and have SSO use our AD credentials. If it's a mobile device, then a username/password prompt would be offered that is tied into AD. Hopefully we won't have to install a certificate on every machine, but if it's possible, it'll be good to know.

Any advice would be appreciated, thanks.
Question by:L8C
Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 39635808
You'll need to use PEAP-MSChapV2 to authenticate mobile devices if you want to tie it in to AD.  This can be done without device certificates, but it does mean the AD login can be used on ANY device in the world that supports PEAP.

If you've not already purchased ACS I'd strongly suggest going with ISE instead.  That will give you a lot more granularity and control in terms of mobile authentication and network management.

I would deploy certificates to domain-joined devices though.  It's easy to do this with autoenrolment via GPO and will ensure a strong level of security if you decide to offer domain machines more network access than mobile devices, for example.
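
The tiering described in the answer above, as an added example that is not part of the original post and is not ACS or ISE configuration syntax: a Python model of the authorization decision in which certificate-authenticated domain machines get full access and PEAP-MSCHAPv2 password logins get a restricted tier. The tier names, the issuing CA name and the sample identities are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed names: replace with your own VLAN/ACL tiers and issuing CA.
FULL, RESTRICTED, DENY = "corp-full", "mobile-restricted", "deny"
TRUSTED_ISSUER = "CN=Example-Internal-CA"  # placeholder, not from the page


@dataclass(frozen=True)
class AuthRequest:
    eap_method: str                    # "EAP-TLS" or "PEAP-MSCHAPv2"
    identity: str
    cert_issuer: Optional[str] = None  # client certificate issuer (EAP-TLS only)
    ad_password_ok: bool = False       # outcome of the MSCHAPv2 check against AD
    ad_account_enabled: bool = True


def authorize(req: AuthRequest) -> str:
    """Return the access tier for one 802.1X request."""
    if not req.ad_account_enabled:
        return DENY
    if req.eap_method == "EAP-TLS":
        # A certificate autoenrolled via GPO identifies a domain-joined machine.
        return FULL if req.cert_issuer == TRUSTED_ISSUER else DENY
    if req.eap_method == "PEAP-MSCHAPv2":
        # A correct AD password says nothing about the device it was typed on,
        # so password-only sessions never reach the full tier.
        return RESTRICTED if req.ad_password_ok else DENY
    return DENY  # unknown or unsupported EAP method


# Constructed sample requests.
SAMPLES = [
    AuthRequest("EAP-TLS", "host/laptop01.example.local", cert_issuer=TRUSTED_ISSUER),
    AuthRequest("PEAP-MSCHAPv2", "alice", ad_password_ok=True),   # phone or personal laptop
    AuthRequest("PEAP-MSCHAPv2", "alice", ad_password_ok=False),  # wrong password
    AuthRequest("EAP-TLS", "host/unknown", cert_issuer="CN=Some-Other-CA"),
    AuthRequest("PEAP-MSCHAPv2", "bob", ad_password_ok=True, ad_account_enabled=False),
]


def decisions():
    """Evaluate every constructed sample and return (identity, method, tier)."""
    return [(r.identity, r.eap_method, authorize(r)) for r in SAMPLES]


if __name__ == "__main__":
    for row in decisions():
        print(*row, sep="\t")
```
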
Question has a verified solution.
