Solved

Cisco Wireless Controller 802.1x authentication

Posted on 2013-11-08
1
709 Views
Last Modified: 2013-12-06
Hello,

We are looking at options for authenticating multiple platforms (Win, MAC, iOS, Android) on our Wireless network in the most seemless/transparent way.  

Our network consists of:

5508 Wireless controllers
Cisco PRIME
Cisco ACS for RADIUS.

Ideally we would like to be able to connect the wireless network and have a SSO with our AD credentials be used.  If its a mobile device, than a username/password prompt be offered that is tied into AD.  Hopefull we won't have to install a certificate on every machine but if its possible, it'll be good to know.

Any advice would be appreciated, thanks.
0
Comment
Question by:L8C
1 Comment
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39635808
You'll need to use PEAP-MSChapV2 to authenticate mobile devices if you want to tie it in to AD.  This can be done without device certificates, but it does mean the AD login can be used on ANY device in the world that supports PEAP.

If you've not already purchased ACS I'd strongly suggest going with ISE instead.  That will give you a lot more granularity and control in terms of mobile authentication and network management.

I would deploy certificates to domain-joined devices though.  It's easy to do this with autoenrolment via GPO and will ensure a strong level of security if you decide to offer domain machines more network access than mobile devices, for example.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question