Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

RADIUS / Smartcard Configuration

  • 1.  RADIUS / Smartcard Configuration

    Posted Nov 28, 2011 04:06 PM

    I set up our WLAN using WPA2-PSK with AES over a year ago, and it works great. However, the setup is not compliant, and I need to have the WLAN clients authenticating via RADIUS and smartcard. We have a Microsoft AD upstream, and I stood up a RADIUS server specifically for authentication of the WLAN clients.

    1) How do I get the users transitioned to smartcard auth. with minimal downtime?

    2) Is there any additional software or configurations needed on the client to ensure smartcard authentication?

    3) Is it easier to create a new SSID needed for smartcard use or can I modify existing WLAN setup?

    Any help would be appreciated.

  • 2.  RE: RADIUS / Smartcard Configuration

    EMPLOYEE
    Posted Nov 28, 2011 04:43 PM

    @cxcal wrote:

    I set up our WLAN using WPA2-PSK with AES over a year ago, and it works great. However, the setup is not compliant, and I need to have the WLAN clients authenticating via RADIUS and smartcard. We have a Microsoft AD upstream, and I stood up a RADIUS server specifically for authentication of the WLAN clients.

    1) How do I get the users transitioned to smartcard auth. with minimal downtime?

    2) Is there any additional software or configurations needed on the client to ensure smartcard authentication?

    3) Is it easier to create a new SSID needed for smartcard use or can I modify existing WLAN setup?

    Any help would be appreciated.


    I can only offer advice for #3, as we do not use smart cards. I would definitely say start by creating a new SSID. PSK is not very secure, being that it doesn't take long for the PSK to be passed around.

    I would create a new SSID for the new 802.1x setup. Then after you get most users migrated to this new SSID, put a CP up behind the PSK SSID to inform users how to migrate. That will help reduce help desk calls. You could even take it a step further and require those using the PSK to log in via CP. Then you could determine who the stragglers are who haven't switched to the new SSID.