PEAP auth on ACS SE

Unanswered Question
Mar 13th, 2009

Dear all,

We currently have a W2K3 IAS box authenticating our trusted wireless users via RADIUS.

The wireless users connect through our WLC 4402, via a WLAN that points to the W2K3 boxes under the AAA settings.

This setup seems to be working fine, however I would like to migrate the RADIUS auth off of the W2K3 box and onto our ACS SE (ver 4.2).

We are currently using server certificates only, no client certs have been installed (PEAP ms-chap v2).

I have been through the RADIUS configuration on the ACS box, however no matter what I try I cannot get a WLAN client to authenticate via the ACS (I have configured a new test WLAN which points to the ACS under it's security tab).

The ACS is running a local cert, not one generated by our local CA, but I get the same issue whether I use a local ACS cert or one generated by our CA.

For info. the local XP client I am testing with is running SP3 if this makes any difference.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Thu, 03/19/2009 - 06:04

CS supports PEAP authentication by using the Cisco Aironet PEAP client or the Microsoft PEAP client that is included with Microsoft Windows XP Service Pack 1. ACS can support the Cisco Aironet PEAP client with PEAP(EAP-GTC) only. For the Microsoft PEAP client in Windows XP Service Pack 1, ACS supports PEAP(EAP-MS-CHAPv2) or PEAP (EAP-TLS).


This Discussion



Trending Topics - Security & Network