Unanswered Question
Jul 12th, 2010
User Badges:

Hi to you all,

                   I have implemented EAP using WEP for my wireless users. My ACS 4.2 server grabs the users info from AD and authenticates the users to the network. This works fine and I am happy with it. But knowing the weakness of WEP and we are working toward PCI, so I want to change my encryption to WPA or WAP2 using AES. I have ACS 4.2 with  Aironet 1100 Series, and my clients are win XP and Vista. Any helps in planing this and other info will be greatly appreciate.

Thanks in advance,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jean Paul Enerst Mon, 07/12/2010 - 13:24
User Badges:

Hey Guys,

                 I went back and made some configuration in my devices(ACS,SUPLIANTS AND AP). there is the configuration of the AP below.

aaa authentication login eap_methods4 group rad_eap4

encryption vlan 3 mode ciphers aes-ccm ----> The running config of the AP eas-ccm, but I've choisen AAES CCMP for encryption in the  encryption Manager page of the AP.

ssid Vendeur-Test

dot11 ssid Vendeur-Test
   vlan 3
   authentication network-eap eap_methods4
   authentication key-management wpa
   accounting acct_methods4
   mbssid guest-mode

I set my suppliants to use wpa2 enterprise as network auth methode I choice Cisco LEAP. This is on a vista machine.

When I try to authenticate, my ACS does not show any log message either failure or success! Seems packets discard before reaching the server.

One thing that does capt my attention is that waring display by the AP when I telnet to it:

SSID CONFIG WARNING: [Vendeur-Test]: If radio clients are using EAP-FAST,AUTH OPEN with EAP should also be configured.

As shown below, I do not enable eapfast.  Does eapfast needs to be enable to have leap going?

radius-server local
  no authentication eapfast
  no authentication mac
  nas 10.zz.xx.xx6 key 7 124E544342


Paul Ernest


This Discussion



Trending Topics - Security & Network