Yes. We aren't using the wpa-tkip with acs, but we do use ias (windows)
for radius, we have our clients uncheck the 'Validate Server
Certificate' option and away they go.
http://www.geneseo.edu/CMS/display.php?page=5200&dpt=cit
http://www.geneseo.edu/CMS/display.php?page=5198&dpt=cit
http://www.geneseo.edu/CMS/display.php?page=5199&dpt=cit
We like how it works. We run 4 4404's with 350 1242ag access points.
-Rick
ktaillon wrote:
We are trying to implement a WPA/TKIP Wireless authentication. We are
using ACS Solution Engine which backs into AD for Authentication. We
are currectly using WEP.
We are looking for the least amount of client setup to make this
change. Cisco has told us to use the PEAP MSCHAPv2 connection with a
one-way cert, the cert or CA would only be installed on the ACS server
and the client would uncheck the 'Validate Server Certificate' under
the protected EAP properties. They also told us that the PEAP tunnel
that is created would be comparable to having a cert on the client.
This seems to be working fine in our tests and is very simple setup
for the clients.
Are any of you running your connection setup this way?
Ken Taillon
Network Support Specialist
Information Technology Services
Wesleyan University
860-685-5657
********** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
--
Rick Coloccia, Jr.
Network Manager
State University of NY College at Geneseo
1 College Circle, 119 South Hall
Geneseo, NY 14454
V: 585-245-5577
F: 585-245-5579
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
