[cisco-voip] wireless phones

Mike King me at mpking.com
Fri Aug 27 13:22:32 EDT 2010


Jeff,

Have you considered just making another SSID, using WPA2-PSK, or WPA2
PEAP-MSCHAPV2?

I initially had my phones on the same SSID as my users, but because we
need to require load balancing on our user wlan, I had to switch them
to another SSID with Loadbalancing disabled.

You will need a useraccount in your domain for PEAP-TLS or
PEAP-MSCHAPV2.  I just see the MSCHAPV2 as the easiest method.

Also, I'd suggest going to 1.3.4b  (I think it's b, it's the latest)
as it has support for more EAP types.(Versus older firmwares, I know
1.3.3 has them, but it was "broken")

Mike


On Fri, Aug 27, 2010 at 12:38 PM, Jeff Mottishaw <mottie at gmail.com> wrote:
> I am in the process of migrating all of our users/laptops to a
> PEAP-TLS wireless configuration using Server 2008 Active Directory
> Certificate Services. That's all well and fine but now I'm a bit
> stumped:
>
> We have a number of 7921 phones and all the documentation I am coming
> across for setting them up with certificates talks about using Cisco
> ACS (which I don't have). Has anyone on this list used AD to store the
> certificates? I have been searching but there doesn't seem like there
> is a lot of information out there.
>
> I'm wondering if I need to make users/computers for the phones or how
> that works. I assume I need to make a certificate template for them
> and manually associate it, but I want to be sure before I go ahead
> with anything.
>
> Thanks in advance.
>
> Jeff
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>


More information about the cisco-voip mailing list