Steelbelt Radius, RSA SecurID, AP1232 and PEAP 802.1x implementation

Unanswered Question
Sep 26th, 2007

I am new to the wireless 802.1x world and I would like to set up 802.1x for my lab with the following equipment:

1) Steelbelt (aka Juniper) RADIUS server version 6.0 running on Windows 2003 SP 2 Enterprise Server. The IP address of this server is 10.250.97.29.

2) RSA SecurID server version 6.2 running on Windows 2003 SP 2 Enterprise Server. The IP address of the server is 10.250.97.29.

3) I use the Steelbelt Odyssey CA server to generate a certificate and assign it to the Steelbelt RADIUS. I then configure the Steelbelt RADIUS for PEAP.

4) I integrate RSA SecurID with Steelbelt RADIUS and it works. I verified this by setting up AAA authentication on the AP1232, and I can telnet to the access point with an account I created on the RSA SecurID server. Here is the config on the AP1232:

aaa new-model
aaa authentication login FUNK group radius local
aaa authentication enable default enable
radius-server host 10.250.97.29 auth-port 1812 acct-port 1813 key xxx
line vty 1
 exec-timeout 0 0
 accounting exec TAC
 login authentication FUNK

When I log into the AP1232, it works as seen below:

[[email protected] root]# telnet 10.250.97.30
Trying 10.250.97.30...
Connected to 10.250.97.30 (10.250.97.30).
Escape character is '^]'.

User Access Verification

Username: test1
Password:
AP1232>

The IP address of the AP1232 is 10.250.97.29.

5) The Windows 2003 Enterprise Server with IP address 10.250.97.29 is also an AD server. It is also running DNS, DHCP and WINS. Every service is running, and I've verified this because I have a "wired" Windows XP machine and it can get an IP address from the DHCP server.

6) I have a Windows XP Professional SP2 and I have a Cisco wireless NIC card. The card model is AIR-CB20A-A-K9. I installed the Steelbelt Odyssey wireless client on the XP machine and it sees the Cisco card.

7) I have an access point, AP1232, running IOS version c1200-k9w7-mx.123-8.JEA1/c1200-k9w7-mx.123-8.JEA1. It supports both A and G. I would like to set it up to use wireless 802.1x for my wireless Windows XP machine running the Odyssey wireless client.

Can someone help me get this to work with 802.1x PEAP in the most secure way? I have a basic understanding of PEAP, but the implementation so far has been quite a challenge for me. Basically, I would like to set up PEAP to use AES-CCM & TKIP, etc...

Here is the configuration of the AP1232.

Can some 802.1x experts help me out here? Thanks.

Attached is the configuration of my AP1232.

ivillegas Wed, 10/03/2007 - 11:26

I don't find anything wrong in the configuration. Make sure the access point is included as a client in the RADIUS server and PEAP is enabled on the RADIUS server. Both the server and the access point seem to have the same IP address.

kevin.jones1 Thu, 10/04/2007 - 18:33

I am using it as an example. Server and AP have different IP addresses. Have you set these up before? Thanks.
