Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
953
Views
0
Helpful
6
Replies

1240 AG using WPA and RADIUS

ghenderson
Level 1
Level 1

‎11-08-2007 03:52 PM - edited ‎07-03-2021 02:54 PM

I'm really stumped here. I am trying to set up the access point to authenticate users with RADIUS. That part seems file. The client can authenticate with the access point but then it can't get an address. The event log says Authentication Failed.

I checked the logs on IAS and the username/password are validating, I just can't seem to get any traffic through.

Any ideas out there?

Labels:
0 Helpful
6 Replies 6

elkono200
Level 1
Level 1

‎11-08-2007 11:07 PM

hi,

at first i think you have tested all with open network and no radius. so you are sure that the DHCP and the APs are working fine and you have no errors in your network config.

than you should try it with radius and WPA.

are you using Cisco ACS or Freeradius, others?

~elkono

0 Helpful

andrew.brazier
Level 4
Level 4
In response to elkono200

‎11-09-2007 06:47 AM

Presumably you're using PEAP? If so, have you got a certificate installed or are you using a self-signed cert? If so, have you installed the corresponding root cert on the clients?

0 Helpful

ghenderson
Level 1
Level 1
In response to andrew.brazier

‎11-09-2007 07:03 AM

I haven't done anything with certificates - I've never set up a WPA/RADIUS wireless network before.

I was hoping to have a configuration where the computer can either authenticate with it's computer domain account or the user can enter their username/password that's valid on the domain.

The way I'm testing it now I have Windows (the client) configurated to authenticate using PEAP, it doesn't validate the server certificate, and it authenticated using MSCHAPv2. On the AP I have the AP Authentication method for the SSID set to MSCHAPv2.

Is this going to require installing certificates on the clients or is there a way to do this just with User or Computer accounts in AD?

0 Helpful

ghenderson
Level 1
Level 1
In response to elkono200

‎11-09-2007 06:56 AM

I'll give that a try, it's Microsoft Internet Authentication Service.

0 Helpful

andrew.brazier
Level 4
Level 4
In response to ghenderson

‎11-09-2007 07:04 AM

You might want to take a look at the Microsoft WLAN PEAP Toolkit, available from here:

http://go.microsoft.com/fwlink/?linkid=23481

Lots of useful information and some excellent scripts for configuring IAS, Windows CA, etc.

0 Helpful

elkono200
Level 1
Level 1
In response to andrew.brazier

‎11-09-2007 08:07 AM

hi,

i found in my chaos of files a sample config from an AP with WPA/TKIP.

i'm not sure if its workin but you can try it.

see attached files.

~elkono

Preview file
4 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card