I am trying to set up 802.1x PEAP in my home lab. I have:
- A Windows 2003 Enterprise server with SP2 and latest patches running as
  Active Directory, DHCP, DNS, WINS. The AD domain name is LAB.
- The Windows 2003 server is also running Cisco ACS 4.0.1 with a self-signed
  certificate. I can log into the box at https://PEAP8021x:2002 so the cert
  works. I also configured the ACS so that it can also use AD accounts for
- A Cisco Catalyst 2960 running IOS version flash:c2960-lanbase-mz.122-25.SEE2.bin.
  This version supports 802.1x.
- A couple of Windows XP machines with Service Pack 2 and latest patches that will act as
  clients for the domain LAB.
Everything is connected to the Catalyst 2960 switch via CAT-5 cables.
I would like to accomplish something very simple. Before user(s) on
WinXP can even access the domain LAB, the WinXP machine must be
authenticated with Cisco ACS with username/password on the AD server
so that the machine can be placed in the correct VLAN(s). If this is just
a visitor and their machine is plugged into my network, authentication will
fail and they will be put in a guest VLAN where the only connection they have
will be access to the Internet and that will be it. All the information will be pushed
out to the Catalyst from the Cisco ACS.
Can someone help me out on how to get this done? Thanks.