<div>The Device Defaults on our cluster are set to CP7921G-1.3.4SR1 but of course the phone that I'm testing with was manually set to 1.3.3. That's a good step one.</div>
<div> </div>
<div>So with PEAP-TLS we would need a certificate on both the phone and the IAS server, with MSCHAPV2 would we only need it on the IAS server?</div>
<div> </div>
<div>Thanks!</div>
<div> </div>
<div>Jeff<br><br></div>
<div class="gmail_quote">On Fri, Aug 27, 2010 at 10:22 AM, Mike King <span dir="ltr"><<a href="mailto:me@mpking.com">me@mpking.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">Jeff,<br><br>Have you considered just making another SSID, using WPA2-PSK, or WPA2<br>PEAP-MSCHAPV2?<br><br>
I initially had my phones on the same SSID as my users, but because we<br>need to require load balancing on our user wlan, I had to switch them<br>to another SSID with Loadbalancing disabled.<br><br>You will need a useraccount in your domain for PEAP-TLS or<br>
PEAP-MSCHAPV2. I just see the MSCHAPV2 as the easiest method.<br><br>Also, I'd suggest going to 1.3.4b (I think it's b, it's the latest)<br>as it has support for more EAP types.(Versus older firmwares, I know<br>
1.3.3 has them, but it was "broken")<br><font color="#888888"><br>Mike<br></font>
<div>
<div></div>
<div class="h5"><br><br>On Fri, Aug 27, 2010 at 12:38 PM, Jeff Mottishaw <<a href="mailto:mottie@gmail.com">mottie@gmail.com</a>> wrote:<br>> I am in the process of migrating all of our users/laptops to a<br>> PEAP-TLS wireless configuration using Server 2008 Active Directory<br>
> Certificate Services. That's all well and fine but now I'm a bit<br>> stumped:<br>><br>> We have a number of 7921 phones and all the documentation I am coming<br>> across for setting them up with certificates talks about using Cisco<br>
> ACS (which I don't have). Has anyone on this list used AD to store the<br>> certificates? I have been searching but there doesn't seem like there<br>> is a lot of information out there.<br>><br>> I'm wondering if I need to make users/computers for the phones or how<br>
> that works. I assume I need to make a certificate template for them<br>> and manually associate it, but I want to be sure before I go ahead<br>> with anything.<br>><br>> Thanks in advance.<br>><br>> Jeff<br>
</div></div>
<div>
<div></div>
<div class="h5">> _______________________________________________<br>> cisco-voip mailing list<br>> <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
><br>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</div></div></blockquote></div><br>