09-26-2007 06:58 AM - edited 07-03-2021 02:41 PM
I am new to the wireless 802.1x world and
I would like to setup 802.1x for my lab
with the following equipments:
1) Steelbelt (aka Juniper) radius server
version 6.0 running on Windows 2003 SP 2
Enterprise server. IP address of this
server is 10.250.97.29.
2) RSA SecurID server version 6.2 running
on Windows 2003 SP 2 Enterprise Server.
IP address of the server is 10.250.97.29.
3) I use steelbelt Odyssey CA server to
generate a certificate and assign it to
the steelbelt radius. I then configure
the Steelbelt radius for PEAP.
4) I integrate RSA SecurID with
steelbelt radius and it works. I verified
by setting up AAA authentication on
AP1232 and I can telnet to the Access
Point with an account I created on
the RSA SecurID server. Here is the config
on the AP1232:
aaa new-model
aaa authentication login FUNK group radius local
aaa authentication enable default enable
radius-server host 10.250.97.29 auth-port 1812 acct-port 1813 key xxx
line vty 1
exec-timeout 0 0
accounting exec TAC
login authentication FUNK
When I log into the AP1232, it works as seen below:
[root@LinuxES root]# telnet 10.250.97.30
Trying 10.250.97.30...
Connected to 10.250.97.30 (10.250.97.30).
Escape character is '^]'.
User Access Verification
Username: test1
Password:
AP1232>
The IP address of the AP1232 is 10.250.97.29.
5) The Windows 2003 Enterprise Server with ip address
of 10.250.97.29 is also a AD server. It is also
running DNS, DHCP, WINS. Every services is running
and I've verified because I have "wired" Windows XP
machine and it can get IP address from the DHCP server.
6) I have a Windows XP Professional SP2 and I have a
Cisco Wireless NIC card. The card model is AIR-CB20A-A-K9.
I installed Steelbelt Odyssey wireless client on the
XP machine and it sees the cisco card.
7) I have an access point, AP1232, running IOS version
c1200-k9w7-mx.123-8.JEA1/c1200-k9w7-mx.123-8.JEA1. It
supports both A and G. I would like to set it up
to use wireless 802.1x for my wirless Windows XP
machine running odyssey wireless client.
Can someone help me how to this work with
802.1x PEAP in the most secure way? I've a basic
understanding of PEAP but the implementation
so far has been quite a challenge for me.Basically,
I would like to setup PEAP to use AES-CCM & TKIP, etc...
Here is the configuration of the AP1232.
Can some 802.1x experts help me out here? Thanks.
Attached is the configuration of my AP1232.
10-03-2007 11:26 AM
I don't fine anything wrong in the configuration. Make sure access point is included as a client in Radius server and PEAP is enabled on Radius server. Both server and access point seems to have same ip address.
10-04-2007 06:33 PM
I am using it as an example. Server and AP
have different IP address. Have you setup
these before? Thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: