We have a Cisco WLC-4402 and ACS v4.1.  Until recently we've been
running our wireless wide open and using VPN for encryption, but want to
move to WPA/WPA2 for all our clients.  We will use the idEngines
AutoConnect product to configure the clients (student machines) but I've
run into problems just getting the wireless configured.

Since we want to use WPA, that means some flavor of EAP.  The student
data is on an ldap server, so that means WPA/2-enterprise, no WPA-PSK.
The Windows clients support EAP-TLS and EAP-PEAP(MSCHAPv2), but we don't
want to bother with certificates on the client so EAP-TLS is out.  It
looks like EAP-PEAP(MSCHAPv2) is the way to go, but the Cisco WLC and
ACS only support EAP-TLS, EAP-FAST or EAP-GTC.  Cisco TAC's answer was,
more or less, "Just install clients that have the Cisco Compatible
Extensions (CCX)."  

The SecureW2 client does support EAP-GTC.  It also supports
EAP-TTLS--the ACS supports PEAP/TLS, PEAP with TLS as an inner method.
Don't know if those two are the same or not.

I'm sure someone has gotten this to work before.  Does authenticating to
an ldap server mean we are forced to use EAP-TLS with client certs,
install some client on the student machines, or is there another way?

John York
Network Engineer
Blue Ridge Community College

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.