Hi again. I just finished lab 7 and have some questions.

7.1: SSID IPB: the shared key may be wrong (000abcdef) if you want to use WEP. With this key you can use WPA-PSK, but the WLC is configured for WEP 40bit and the solution shows another key (0000abcdef). We need at least 1 hex character to make it work (in the solution it is corrected).

7.1: Why do we use only PEAP MSCHAPv2 for the IPA SSID? The DSG does not explain this choice, and I don't know whether this is a mistake or 1) to support single sign-on we must use MSCHAPv2, or 2) MSCHAPv2 is the only mechanism to thwart man-in-the-middle attacks.

7.1: For the Staff's DSG there is no script configuration screenshot and no "authentication and encryption allowed" screenshot for creating their SSIDs. Also, all the exercises talk about the encryption that can be used to create the SSID, but not about the authentication (except for the SysAdmins group), so I think we must permit any authentication protocols for both groups (Executives and Staff).

7.2 ssid3: I think the solution shown for this SSID does not match the requirements, because the exercise talks about the "use of GTC for the inner method" and "ensure that Phase 0 authentication will work properly". OK, anonymous in-band provisioning requires MS-CHAPv2 to work, but I think I break the lab because I don't use GTC, and the exercise is not talking about "anonymous Phase 0 provisioning". So I think we can use EAP-GTC as the inner method and check the "allow authenticated in-band pac provisioning" check box; then the only requirement is that our client needs to have a Root CA to authenticate with ACS and then provision the PAC, but in this way I ensure that Phase 0 will work with GTC and I don't break the lab :). Lastly, if you want to speed up the connection process, you can also check the "accept client on authenticated provisioning" checkbox, and you can be sure that on the first attempt, if the client credentials are correct, the client will connect and receive the PAC at the same time.

More thoughts? :)
