I am new to the wireless 802.1x world and
I would like to setup 802.1x for my lab
with the following equipments:
1) Steelbelt (aka Juniper) radius server
version 6.0 running on Windows 2003 SP 2
Enterprise server. IP address of this
server is 10.250.97.29.
2) RSA SecurID server version 6.2 running
on Windows 2003 SP 2 Enterprise Server.
IP address of the server is 10.250.97.29.
3) I use steelbelt Odyssey CA server to
generate a certificate and assign it to
the steelbelt radius. I then configure
the Steelbelt radius for PEAP.
4) I integrate RSA SecurID with
steelbelt radius and it works. I verified
by setting up AAA authentication on
AP1232 and I can telnet to the Access
Point with an account I created on
the RSA SecurID server. Here is the config
on the AP1232:
aaa authentication login FUNK group radius local
aaa authentication enable default enable
radius-server host 10.250.97.29 auth-port 1812 acct-port 1813 key xxx
line vty 1
exec-timeout 0 0
accounting exec TAC
login authentication FUNK
When I log into the AP1232, it works as seen below:
[[email protected] root]# telnet 10.250.97.30
Connected to 10.250.97.30 (10.250.97.30).
Escape character is '^]'.
User Access Verification
The IP address of the AP1232 is 10.250.97.29.
5) The Windows 2003 Enterprise Server with ip address
of 10.250.97.29 is also a AD server. It is also
running DNS, DHCP, WINS. Every services is running
and I've verified because I have "wired" Windows XP
machine and it can get IP address from the DHCP server.
6) I have a Windows XP Professional SP2 and I have a
Cisco Wireless NIC card. The card model is AIR-CB20A-A-K9.
I installed Steelbelt Odyssey wireless client on the
XP machine and it sees the cisco card.
7) I have an access point, AP1232, running IOS version
supports both A and G. I would like to set it up
to use wireless 802.1x for my wirless Windows XP
machine running odyssey wireless client.
Can someone help me how to this work with
802.1x PEAP in the most secure way? I've a basic
understanding of PEAP but the implementation
so far has been quite a challenge for me.Basically,
I would like to setup PEAP to use AES-CCM & TKIP, etc...
Here is the configuration of the AP1232.
Can some 802.1x experts help me out here? Thanks.
Attached is the configuration of my AP1232.