Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
0
Helpful
3
Replies

Wireless Authentication using ACS and RSA

Ajai George
Level 1
Level 1

‎01-11-2011 10:06 PM - edited ‎03-10-2019 05:42 PM

Hello,

We have ACS authentication with RSA Token enabled for VPN users.

We are also using the ACS for user authentication using TACACS. Both are working fine. I am trying to enable Wireless user authentication with ACS and RSA.

I am using CISCO AP 1142 Autonomous mode which is configured as a Radius client on ACS and I am able to see authentication attempt from user when we connects to the WLAN

But the user authentication is failing with reason code 22056. I am using windows 7 with 802.1x PEAP authentication.

I have been through the support forums and I can see that there is EAP-GTC supplicant-for windows XP  for authentication. Can you let me know the configuration needed for this and if EAP-GTC supplicant is available for windows7.

What are the other configuration options I can look into enabling wireless authentication using ACS and RSA Tokens.

TIA

Labels:
0 Helpful
3 Replies 3

Federico Ziliotto
Cisco Employee
Cisco Employee

‎01-12-2011 12:13 AM

Hi Ajai,

The Cisco Secure Services Client (CSSC) for Windows XP is a supplicant that supports EAP-GTC as an inner method for PEAP:

http://www.cisco.com/en/US/docs/wireless/wlan_adapter/secure_client/release/notes/ssc51118xp_RN.html#wp38764

CSSC is not available for Windows 7. For such an OS you may need to to refer to the supplicant provided by the wireless NIC vendor.

Regards,

Fede

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful

Ajai George
Level 1
Level 1
In response to Federico Ziliotto

‎01-12-2011 12:44 AM

Hi Federico,

Thanks for the response. I am aware that the CSSC is not available for Windows 7 yet. I have looked at some open source products like open1x but that is also not supported on Win 7.So does this mean that we cannot get a wireless user to authenticate with RSA Tokens using ACS if you are using windows 7? I might have users using multiple OS platforms other than Win 7 and I am looking at a standard setup on the client independent on the client OS.

Is there any other way we can have wireless authentication with RSA Tokens with ACS using any other standards other than EAP-GTC or is this the only way forward.

Regards,

Ajai

0 Helpful

Federico Ziliotto
Cisco Employee
Cisco Employee
In response to Ajai George

‎01-12-2011 01:14 AM

Hi Ajai,

Windows 7 should already include a Cisco plug-in for EAP-FAST and PEAP (EAP-GTC):
http://www.cisco.com/en/US/docs/wireless/technology/peap/technical/reference/PEAP_D.html#wp998638
However, please note that such a plug-in is supported by the vendor of the wireless card directly.

So resuming, on Windows XP you might want to consider CSSC, and on Windows 7 you could look into the PEAP plugin.
Supplicants do vary a lot between Windows XP and Windows, so I am afraid you might need to consider dependencies based on the OS.

Regards,

Fede

--
If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful
Customers Also Viewed These Support Documents