Our organization has a basic WLAN (3 aironet 350's.) Some users have 350 nics, but the majority have integrated third party nics embedded into their laptops. We also have a Cisco ACS server to which I want all the clients to authenticate to. The Cisco nics do this with no problem however; I cannot get the third-party nics to authenticate with the server. The clients all use the windows xp wireless support feature.
I have created the users on the ACS server using their MAC address as the user name and password and also set the AP up according to Cisco's documentation.
The XP wireless support software is set up to authenticate using peap. Please help!
The configuration of 802.1X authentication is not as simple as some people would like to think and there are many different implementations.
For the purposes of this answer I'm going to assume you have Windows XP on EVERY client and you are using PEAP on each laptop.
A good thing to know about PEAP is that there are two different implementations of PEAP:
- PEAP w/ CHAP – Used by Cisco and requires the Cisco ACU and CiscoSecure ACS
- PEAP w/ MS-CHAP v2 – Used by Microsoft and Incompatible with Cisco's ACU.
Also good things to know:
Now, given that you're using cards of all different types you need to check that each card is compatible with the Cisco Access Points – try using a 128bit WEP key for testing here.
After you've done that and they all work, you need to make sure that you have CiscoSecure ACS version 3.2. Only the recent release (3.2) supports the Microsoft version of PEAP. Any PEAP support prior to ACS 3.2 will be for Cisco PEAP only and will require Cisco cards with the Cisco ACU (version 6.0 or above) installed onto the laptops.
Hopefully this has sent you in the right direction.
Dig Deeper on Network Infrastructure
Related Q&A from Graham Robinson
What are the side effects of using wireless LANs with 2.4 GHz, and how can we protect our bodies from these high frequency signals? Continue Reading