Configuration of an Aironet 1130AG

We have a demo of an Aironet 1130AG, and we are having issues getting it to work with PEAP Authentication and a Radius server. We don't get any errors, we are just unable to get connected. The RADIUS server is configured for the new access point. We are not sure what we are missing in the configuration of the Aironet. If anyone has configured these before, we would appreciate it.

Reply to
rf1908
Loading thread data ...

This application note has a lot of goodies in it.

formatting link
Have you configured a certificate? I have read more than once (I think) that PEAP-MSCHAP v2 requires Active Directory and perhaps a vanilla RADIUS server won't do--at least if single signon is desired.

I'm relatively new to this equipment myself though, so take my input with a grain of salt. I have used an 1130AG as a lightweight access point in a larger setup. On the client side, they were using Microsoft XP's built in supplicant set up as described in "Configuration for PEAP (EAP-MSCHAP v2) Authentication" section of the appnote above. Best Regards,

Reply to
Todd H.

Cisco 1130AG Documentation:

formatting link
If your PEAP authentication fails, it may be due to many reasons including:

  1. An incorrect username and password on the RADIUS server.

  1. An incorrect PEAP configuration.

  2. You may be experiencing Cisco bug ID CSCee06008 where PEAP fails with Aironet Desktop Utility (ADU) version 1.2.0.4.

The workaround is to use the latest version of the ADU which is either version 2.5 or 2.6.

---------------------------

CSCee06008 Bug Details:

MS PEAP machine authentication does not work with the ADU supplicant.

Users without cached credentials cannot login to Windows Domain.

If the Microsoft-supplied 802.1x supplicant is used in XP SP1 or SP2, MS PEAP machine authentication works as expected and non-cached users are able to log into Windows Domain.

There is no workaround for Windows 2000 clients.

This problem is now resolved in the Install Wizard 1.3 release for CB21AG/PI21AG adapters, available from Cisco TAC:

formatting link

---------------------------

Verify that you have entered your username and password correctly.

Verify that the username and password are set up correctly on the RADIUS server.

For information on configuring PEAP with Cisco Secure ACS, refer to:

Configuring Cisco Secure ACS for Windows v3.2 With PEAP-MS-CHAPv2 Machine Authentication

formatting link

---------------------------

Protected EAP (PEAP) is a draft EAP authentication type that is designed to allow hybrid authentication.

PEAP employs server-side Public Key Infrastructure (PKI) authentication.

For client-side authentication, PEAP can use any other EAP authentication type.

For more information on troubleshooting PEAP installations, refer to:

Troubleshooting PEAP Installations

formatting link

---------------------------

For additional information, refer to:

Wireless LAN Security White Paper

formatting link
For downloading the latest version of ADU, refer to:

Download Software

formatting link
Hope this helps.

Brad Reese BradReese.Com - Cisco Repair

formatting link
Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant BradReese.Com - Cisco Power Supply Headquarters
formatting link

Reply to
www.BradReese.Com

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.