Here are my pains. Cisco says to:
- Use WPA, but do NOT require PSK. Apparently roaming with PSK is just bad news as the re-auth to each AP takes too long when roaming and can break up the conversation.
- Use EAP-FAST for authentication, since your non-PSK security is a bit weak.
- If I use WPA (and not PSK) I am forced into using 802.1x. Which is fine by me. I have set up RADIUS on a Windows box and I am pointing to that. There, I have created the same username/password as is configured for the Cisco AP's. But then, when I go to test it, there is only a username field and no password. It seems that this is expected (there is a GTAC KB on this). If I check the logs on the Windows side when running the test, it appears to be working (user is found, but fails due to missing password).
- What is the equivalent to EAP-FAST on the Extreme side? From what I can see, this is a protocol that Cisco made up! I guess the goal is to require authentication, but make sure it's a quick moving process. My choices on the phone are: Open, Open+WEP, Shared+WEP, LEAP, EAP-FAST, PEAP, and Autok (AKM).
Is there a list of settings that someone can recommend for these when it comes to privacy and authentication settings for these phones?