cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4868
Views
0
Helpful
4
Replies

Wireless 802.1x with Window 7

sbeauton
Level 1
Level 1

I have a WLC 6.0,  ACS 3.3 and the SSID is setup to use 802.1x with Peap Authentication.   The clients are using Windows 7 to connect to wireless.     To get the clients connected they have to go into there network properties if the wireless card,  configure the client to use PEAP,  uncheck validate server certificate, and also uncheck use computer name to login into windows.  This works fine and the user to able to connect to to wireless after dong all these steps and then entering in there Windows Username and Password.    The customer is saying that this is to many steps for the end user and they just want the user to to click on the SSID and connect.  If wireless could also be setup to use  there windows username and password   would be a bonus.  I'm basically looking for a solution that is simple but is also secure as well.  I know that's an oxymoron.   Is there anything I could do to make the wireless process simpler.  Either by going with a different security authentication or by doing something different on the clients computers.   Thanks for any help and suggestions. 

1 Accepted Solution

Accepted Solutions

BRYN JONES
Level 1
Level 1

This is a script that we use on our campus (University of Leeds), that self configures an 802.1x connection and when a user connects to an 802.1x connection merely asks them for their username and password, which then remained cached.


The .exe you create takes away all the techy bits that do 'confuse' some users, even if they are provided with well written documentation.



https://sourceforge.net/projects/su1x/


http://lsayregj.swan.ac.uk/su1x/SU1X_User_Guide-v104.pdf

Features include:

- Automation of configuration of a PEAP wireless connection on XP(SP3),Vita and Win 7

- Can set EAP credentials without additional user interaction (avoids tooltip bubble)

- Installation of a certificate (silent)

- Checks for WPA2 compatibility and falls back to a WPA profile

- Third party supplicant check -SSID removal and priority setting

- Support tab: (checks: adapter, wzc service, profile presence, IP)

- Outputs check results to user with tooltip and/or to file

- Printer tab to add/remove networked printer

This tool is very cleverly written by Gareth Ayres at Swansea University

View solution in original post

4 Replies 4

Elliott Shawd
Level 1
Level 1

What do clients' Windows usernames and passwords authenticate against as it stands now? I would set up an Active Directory if that's not what's currently set up and integrate your ACS with the AD.

Secondly, you have two options to make it easier on your lazy users. You could look into scripting your profile for Wireless Zero Config or look at supplicants which make it easy to import profiles. Intel Proset Tools lets you import/export profiles, although I've never used it.

BRYN JONES
Level 1
Level 1

This is a script that we use on our campus (University of Leeds), that self configures an 802.1x connection and when a user connects to an 802.1x connection merely asks them for their username and password, which then remained cached.


The .exe you create takes away all the techy bits that do 'confuse' some users, even if they are provided with well written documentation.



https://sourceforge.net/projects/su1x/


http://lsayregj.swan.ac.uk/su1x/SU1X_User_Guide-v104.pdf

Features include:

- Automation of configuration of a PEAP wireless connection on XP(SP3),Vita and Win 7

- Can set EAP credentials without additional user interaction (avoids tooltip bubble)

- Installation of a certificate (silent)

- Checks for WPA2 compatibility and falls back to a WPA profile

- Third party supplicant check -SSID removal and priority setting

- Support tab: (checks: adapter, wzc service, profile presence, IP)

- Outputs check results to user with tooltip and/or to file

- Printer tab to add/remove networked printer

This tool is very cleverly written by Gareth Ayres at Swansea University

stsargen
Cisco Employee
Cisco Employee

All of these setings can be controlled using "netsh" form the command line.  I would suggest getting one system setup how you wnat.  Then export the Wireless profile and import on other manchine.  You could of course script the import so the users would not have to do anything but click on a single file.

http://technet.microsoft.com/en-us/library/dd878511%28WS.10%29.aspx

Here is a quick turotial to show you how to export and import your profiles.

http://www.home-network-help.com/export-wireless-network-profile.html

sbeauton
Level 1
Level 1

Thanks for everyone's help.   I thought I was going crazy but everyone has posted some good suggestions.  Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: