01-11-2011 10:06 PM - edited 03-10-2019 05:42 PM
Hello,
We have ACS authentication with RSA Token enabled for VPN users.
We are also using the ACS for user authentication using TACACS. Both are working fine. I am trying to enable Wireless user authentication with ACS and RSA.
I am using CISCO AP 1142 Autonomous mode which is configured as a Radius client on ACS and I am able to see authentication attempt from user when we connects to the WLAN
But the user authentication is failing with reason code 22056. I am using windows 7 with 802.1x PEAP authentication.
I have been through the support forums and I can see that there is EAP-GTC supplicant-for windows XP for authentication. Can you let me know the configuration needed for this and if EAP-GTC supplicant is available for windows7.
What are the other configuration options I can look into enabling wireless authentication using ACS and RSA Tokens.
TIA
01-12-2011 12:13 AM
Hi Ajai,
The Cisco Secure Services Client (CSSC) for Windows XP is a supplicant that supports EAP-GTC as an inner method for PEAP:
CSSC is not available for Windows 7. For such an OS you may need to to refer to the supplicant provided by the wireless NIC vendor.
Regards,
Fede
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
01-12-2011 12:44 AM
Hi Federico,
Thanks for the response. I am aware that the CSSC is not available for Windows 7 yet. I have looked at some open source products like open1x but that is also not supported on Win 7.So does this mean that we cannot get a wireless user to authenticate with RSA Tokens using ACS if you are using windows 7? I might have users using multiple OS platforms other than Win 7 and I am looking at a standard setup on the client independent on the client OS.
Is there any other way we can have wireless authentication with RSA Tokens with ACS using any other standards other than EAP-GTC or is this the only way forward.
Regards,
Ajai
01-12-2011 01:14 AM
Hi Ajai,
Windows 7 should already include a Cisco plug-in for EAP-FAST and PEAP (EAP-GTC):
http://www.cisco.com/en/US/docs/wireless/technology/peap/technical/reference/PEAP_D.html#wp998638
However, please note that such a plug-in is supported by the vendor of the wireless card directly.
So resuming, on Windows XP you might want to consider CSSC, and on Windows 7 you could look into the PEAP plugin.
Supplicants do vary a lot between Windows XP and Windows, so I am afraid you might need to consider dependencies based on the OS.
Regards,
Fede
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide