We are currently behind the times in our small school district when it comes to our wifi infrastructure. We finally have secured some funding to upgrade. We currently are using Cisco, with wireless G access points and are moving to N. I have received competitive quotes from Cisco and Meraki. Both quotes balance out to be about the same money because we already own the controllers. For installation with Cisco, all we have to do is swap out the access points. With Meraki we would be starting basically from scratch, which is no big deal as this would be deployed this summer. Does anyone recommend one over the other from a performance standpoint and management?
Here is my next question: right now we have been using WPA2-PSK, and it has become totally unmanageable now with mobile devices, staff BYOD and smarter students :)
I realize we have to move to something like WPA2-Enterprise. I have started to review the requirements, as we do not currently have a PKI infrastructure or RADIUS server. I am a total newbie to PKI, as we use third-party certs for our email and web-based applications. I am looking into PEAP, EAP-TLS, MS-CHAPv2, etc. Can anyone make a recommendation as to which one we should be using? Ideally we would like to have 2 SSIDs: one (Corp) network (district-owned devices, laptops, iPads) and one Guest network (guests and staff-owned devices). Right now we don't allow students to bring in their devices just yet; this may change in the future as we've added internet bandwidth. So how could we prevent students from putting in their usernames/passwords and getting access using their own devices? Is this something I can do with NPS?
Thanks everyone for your time in helping me with this.
I don't really know if you can install this into schools yet, but what about looking into eduroam?
FYI Cisco bought Meraki.
So your difference is this: Cisco is controller based, Meraki is "cloud" based.
I would suggest in either case get some test/trial gear and try it out. Meraki gear is simpler to use out of the box and their management portal is fairly easy to use. If your VAR won't get you gear to try out, get a new VAR. I absolutely will not ever buy anything without using it hands-on.
PKI isn't that difficult. Setting up a root CA within your domain and then using that for 802.1x authentication (wired or wireless) is not "easy" but it is fairly intuitive with a little reading and research.
If you want a dead simple on-boarding process I'd have to say that Ruckus' Zero-IT Activation is excellent. Users register their own devices, are assigned a PSK (up to 63 characters, that they never see) and the device is automatically configured for the WLAN.
BYOD Solution | Ruckus Wireless
Some things to consider:
Cisco have bought Meraki - what will happen with Meraki's support and pricing?
You own a controller you were using with 11g - will it be enough for 11n?
Thank you to those that replied. I am currently checking out eduroam and looking into RADIUS/PKI infrastructure. I did get a quote from Ruckus, but it was significantly higher than other solutions. PKI doesn't look super difficult, just time-consuming and a matter of following step by step with some good tutorials. Those are good points, BlueFlag, about Meraki support and pricing. We had a couple of 4400 series controllers that were upgraded to 5508 controllers a year ago (long story there). So I am pretty confident that the 5508 should be able to handle 11n.