PEAP with Open WEP Authentication

Unanswered Question
Jul 12th, 2008


The WLC version is 4.0.217 with ACS v 4.0. There are certain clients that have intermittent wireless, whereby it connects and disconnects and connects again when using dot1x authentication. But they have no problem connecting to an SSID with no dot1x authentication, and it is very stable. The dot1x authentication security parameters are PEAP using MSCHAP, OPEN authentication and WEP encryption, no certificate validation, Win2003 AD. There are about 200 users; it is happening for around 10-15 users. Any suggestions or recommendations?

Thank you

Scott Fella Sat, 07/12/2008 - 11:26

If it is happening to only certain users, then I would check the configuration of the clients and check the ACS for credentials and errors.

rseiler Sat, 07/12/2008 - 15:51

There is no such thing as PEAP using MSCHAP with OPEN and WEP encryption. You must be using 802.1x to use any EAP type, usually WPA1 or WPA2 with 802.1x. Please restate your question.

Scott Fella Sat, 07/12/2008 - 16:14

He probably means 802.1x with WEP. I have seen this in implementations a long time ago. Why use WEP when WPA or WPA2 is stronger and widely implemented these days?

ramarao Sat, 07/12/2008 - 20:05

It is WEP. Anyway, on the client, all the drivers are updated and also patched with Microsoft KB 885453. Could not suspect any major interference in the network, as when the client uses another SSID without dot1x it works fine.

Any suggestions?

rseiler Sat, 07/12/2008 - 22:59

A few points:

1. Do you have Microsoft KB917021 or XP SP3 installed?

2. Are you sure that WEP with 802.1x with PEAP is even supported on the WLC? I can't find any docs that list that as a supported option.

3. Try WPA1/TKIP and/or WPA2/AES with 802.1x.

Just because the GUI lets you configure something doesn't mean it works or is supported. For example, WPA1/AES and WPA2/TKIP can be configured but don't work as they are unsupported and invalid. I suspect this is what you are running up against. Nobody else is configuring the WLC the way you are.

Scott Fella Sun, 07/13/2008 - 04:47

Well, it still seems like a client-side issue. Verify that the WEP key is in key 1 on the clients. Verify the setting on a client that works. Also, do you see any errors on the WLC or ACS.... you should

ramarao Sun, 07/13/2008 - 06:18

The client is on SP2. I will try to re-check on the client end. Many thanks for your help.

