Sunday, 30 December 2007

Wireless security WPA - PEAP - IAS

I've recently been trying to understand how to enable enterprise-level wireless security. I first had to work out what the best enterprise security was. After much searching I settled on using WPA (TKIP) with PEAP (Protected EAP), using Server 2003's IAS server for RADIUS authentication using Active Directory. This gives domain users access to the wireless network using their domain credentials. Once the wireless profile is set up, users can connect automatically. TKIP ensures security through a per-frame key.

The guide below was used to configure IAS on Windows Server 2003 as the RADIUS server using PEAP.

TechRepublic's Ultimate Wireless Security Guide

An important thing to note is the certificate specified, as you will need it on all devices wishing to connect to the wireless network. Typically a domain certificate, which will be present on all domain computers, will be used. So to get non-domain devices to connect (I have recently configured a Nokia E61i), you will need to install the certificate used.

The next guide shows the PEAP configuration on a Cisco wireless access point.

Cisco guide

It basically involves setting up the RADIUS server details: the RADIUS server IP and the shared secret.

The next guide shows how to set up WPA security with TKIP on a Cisco wireless access point.

Cisco Guide

This also has some troubleshooting tips at the end.
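The two access point steps above (RADIUS server details, then WPA with TKIP) combined into one configuration for an autonomous Cisco Aironet AP running IOS. This is an added example, not taken from the linked Cisco guides; the SSID, the server address 192.0.2.10, the ports, the method-list names and the `<shared-secret>` placeholder are all assumptions to replace with your own values.

```cisco
! Added example: constructed values throughout, not from the original post.
! Assumes an autonomous (non-controller) Aironet AP and an IAS server
! at 192.0.2.10 listening on 1812/1813.

aaa new-model
!
! Server group that points at the IAS (RADIUS) server.
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
! Method list used by the SSID to hand EAP (here PEAP) to that group.
aaa authentication login eap_methods group rad_eap
!
! The shared secret must match the one entered for this AP as a
! RADIUS client in IAS.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
interface Dot11Radio0
 ! Set the cipher before enabling WPA key management on the SSID.
 ! TKIP matches the setup in this post; APs and clients that support
 ! WPA2 can use "aes-ccm" here instead.
 encryption mode ciphers tkip
 ssid EXAMPLE-CORP
!
dot11 ssid EXAMPLE-CORP
 ! Open authentication with EAP: the AP relays the PEAP exchange to IAS.
 authentication open eap eap_methods
 authentication network-eap eap_methods
 ! WPA key management: per-session keys come from the EAP exchange.
 authentication key-management wpa
```

The AP never sees the user's domain password; it only forwards the EAP conversation and receives the session key material from the RADIUS server once authentication succeeds.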

If you have PEAP working successfully you will be able to see entries in the Windows Server's security log. This helped in troubleshooting the phone's connectivity to the network, as it was originally not using domain credentials to connect.

I will update this when I understand what the differences are between TKIP and AES. It's looking like AES has superseded TKIP, but only works on devices which support WPA2; further investigation needed!

EDIT: AES is WPA2 and is more secure than TKIP.

EDIT2: Use the wizard to set up NPS on 2008; it is almost the same as IAS on 2003.