Forum

RADIUS is just one option. You want to focus on non-device based security measures. If the device is lost or compromised so is your security. Funk has a RADIUS solution as do WINDOWS, LUCID LINK and others. You can also use certificates or RSA devices. Layered security is harder to penetrate. As for EWGs they seem to be going the way of the dinosaur. If you are going to allow guest access, place the AP on a separate VLAN and use WPA2 PSK. Do not allow that VLAN access to anything other than the internet. DHCP should occur after open authentication and association, as well as EAP authentication and association. I would move it from the switch as you stated. eDirectory gives you a level of non-device based security. The question is, how secure is secure enough? There is no correct answer, as situations vary. You should also use a wireless intrusion prevention and detection system if budget and need allow. There is not a security on and off switch. You will need to examine several options, from cell sizing to AES encryption. A good read to scare/enlighten you is Wi-Foo. When you see how you may be attacked you can plan a good defense.