The specification was for Cisco, but IMHO Cisco Controllers are bloatware for this kind of situation
- Small amount of in-house IT at client site +
- Big cost of Cisco controllers (+ possible ongoing configuration and maintenance needs)
- = bad choice
I looked into meraki and aerohive -
The "fat AP is out" right? Thin is in.. OOps - not anymore. These APs look like they do a fair amount of processing, but are in some way "collaborative" and "self-managing" (WRT sharing the airspace and routing traffic at least). So I would call them "fat and sassy" APs- But the preferred term by vendors seems to be "Smart".
I am still reading up and playing with Aerohives nice online demo tool. Meraki looks like they have really geared their product to exploit Cisco's pricing in this area - in terms of ease of manageability and price - they even have a Meraki vs Cisco calculator. -Which admittedly has list prices for Cisco stuff that you will never pay.
Even so, their "cloud controller" option makes sense for hotels and other public access networks.
HOWEVER. Reading Meraki's product literature, (a network security whitepaper) I was bothered by evil half-factiods, which made me wonder if they are sloppy or sleazy in other ways.
WPA2-Enterprise, also known as 802.1x,WPA2-Enterprise is not known as 802.1x - Maybe you mean 802.11i ?
is considered by many to be the “gold standard” of wireless security. In this architecture, each client(known as a supplicant) uses a unique username and password to authenticate on the wireless network.Um, WPA2- Enterprise - using 802.1x/EAP can do a number of different types of authentication, including certificates.
The client’s username and password are checked against any Active Directory or LDAP server that supports the RADIUS protocol (and most do).You really don't need to mention Active Directory here, because that has nothing to do with it.
Also Radius is not really necessary, though almost always used. I would reword this as:
"The most common form of WPA2-Enterprise uses 802.1x authentication to to allow the access point to check user and password information for each client against an authentication server. This authentication server is almost always a RADIUS server "
Meraki supplies an integrated RADIUS server that companies can use instead of a stand-Whoa! 802.1x has been around before wireless lans. It is not so new.
alone server if they wish. The primary advantages of WPA2-Enterprise are that it is highly secure and scales well. IT administrators can re-use their existing authentication
infrastructure, so as employees come and go they are automatically added and removed from the wireless network. There is also no need to VPN. Since 802.1x is a relatively new standard,
client support is still evolving. As of 2009, support is common on most laptop and PC operating systems. However, support for PDAs, scanners, and other devices stillI am not sure on the preceeding because there is some legitimacy to what they are saying here.
varies. In addition, client configuration can sometimes be complex.
While implementation of 802.1x has often been highly complex, Meraki
has simplified the process significantly. 802.1x takes just a few clicks to
deploy, and is no more difficult than implementing WPA2-PSK.
But I think it should be worded "implementation of 802.1x authentication in WPA2" to clarify.
Am I just being picky? or maybe my understanding of the issues is rusty?