HWIC-AP + PEAP + RADIUS

allenelson · ‎09-14-2007

I've configured a 2811 ISR with an HWIC-AP-G-A for LEAP w/ RADIUS authentication. I am searching for documentation for configuring PEAP but am having a hard time finding what I am looking for.

Could anyone point me in the right direction, and tell me if it is possible to accomplish all on the router? I made a root cert through IIS tools and am not quite sure how to go about uploading it and associating it with AAA/RADIUS. Thanks in advance.

dancampb · ‎09-14-2007

As long as you are using an external Radius server all you need to do is make sure you have "authentication open eap..." under your SSID config. LEAP only uses the "authentication network-eap..." statement but PEAP and other EAP methods use the open statement.

If you are trying to use the local Radius server you will be limited to LEAP and EAP-FAST.

allenelson · ‎09-17-2007

Yes everything is local but i don't understand why that would limit the use of certificates.

It's a 2811 ISR router with an HWIC-AP module in it for wireless.

What about EAP-TTLS using PKI? Would that be possible on the ISR?

allenelson · ‎09-17-2007

Ok. I was unaware that you could only use LEAP or EAPFAST on a local authenticator.

That being said.. Anyone have suggestions for documentation on EAPFAST? I used the Cisco default configuration which is printed in 2-3 manuals for it on a local authenticator and cannot get it to work. Word for word step by step.. I'm just trying to see what my options are on an ISR with everything built in and don't want to use an external server. Thanks in advance.

allenelson · ‎09-19-2007

bump.