Wireless For Staff
All our Staff have laptops with wireless capabilities and we have a few wireless points in certain areas i.e board room and staff room etc. I want a way in which staff dont have to put in the wireless key all the time.
I have been reading about a radius server but how much work are they to setup?
If you set up connection manually enter the key then click connect automatically they don't have to do anything laptop will connect.
Setting up IAS (Microsoft's version of Radius) is pretty trivial - it's a while since we did it but it was wizard driven and with no difficult questions :-)
You then set a group policy to say that you want the machine to use Radius and the job is done.
Well worth doing :-)
Have a look at this guide.
Originally Posted by Sunderwood
All our Access points are identically configured, so the Laptops work fine whereever.
Just out of interest why do your staff have to keep putting the key in each time? For an easy fix just make all APs have the same ssid and wpa key?
At our school we use PEAP / 802.1x for our wireless network using Cisco access points - no keys to input as they are generated by the IAS server dynamically. Everything rolled out using group policy unlike Pre-shared keys which are a nightmare to manage roaming between access points works also. PSK tends to hang onto an access point even when it goes out of range forcing the user to repair the wireless each time.
If you do go to using Radius then I would definately follow a step by step guide as installing the required cert authority can be tricky - The Radius / IAS setup is a doddle in comparison.
We authenticate with Machine certs, and log in with user credentials via radius. Radius then assigns staff to a certain VLAN, and we do user credentials via radius for students, and put them in a VLAN that is controlled by a ACL allowing communication to the firewall only, and ports 80/443.
That depends if the laptops are on the domain... our laptops aren't but once the WEP key has been entered they connect automatically...
Originally Posted by ssiruuk2
We don't want laptops to be on the domain...