|
The configuration of 802.1X authentication is not as simple as some people would like to think and there are many different implementations.
For the purposes of this answer I'm going to assume you have Windows XP on EVERY client and you are using PEAP on each laptop.
A good thing to know about PEAP is that there are two different implementations of PEAP:
- PEAP w/ CHAP – Used by Cisco and requires the Cisco ACU and CiscoSecure ACS
- PEAP w/ MS-CHAP v2 – Used by Microsoft and Incompatible with Cisco's ACU.
Also good things to know:
For ALL 802.1X implementations (PEAP, LEAP, EAP-TLS, etc) you need a card that supports 128bit WEP.
Not all 128bit WEP implementations are compatible with each other (please see my earlier postings explaining WEP), thus you may find that some cards simply will NOT work with some access points when you try and use 128bit WEP OR any type of 802.1X user authentication.
Now, given that you're using cards of all different types you need to check that each card is compatible with the Cisco Access Points – try using a 128bit WEP key for testing here.
After you've done that and they all work, you need to make sure that you have CiscoSecure ACS version 3.2. Only the recent release (3.2) supports the Microsoft version of PEAP. Any PEAP support prior to ACS 3.2 will be for Cisco PEAP only and will require Cisco cards with the Cisco ACU (version 6.0 or above) installed onto the laptops.
Hopefully this has sent you in the right direction.
Cheers.
|
