PEAP authentication for laptops

vijay kumar · ‎07-17-2013

Hi All,

We have created SSID with 802.1x authentication with WPA2 AES encrytion(Broadcast) . When I am trying to access the SSID in my Android , apple mobile it is directly asking for username and password . And it is getting authenticated .

Whereas in windows 7 laptop , I need to create the SSID profile(and need to choose the security type and all) for associating to that . Is there anyway that client will be able to connect without any SSID profling configuration in laptop ?..

Thanks ,

Regards,

Vijay.

Stephen Rodriguez · ‎07-17-2013

If they are corporate devices, you can use a GPO to push the WLAN config down to your users.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Stephen Rodriguez · ‎07-17-2013

Step 6

http://blogs.technet.com/b/networking/archive/2012/05/30/creating-a-secure-802-1x-wireless-infrastructure-using-microsoft-windows.aspx

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

George Stefanick · ‎07-17-2013

Apple and other devices are smart and for ease of use figures out the auth and encryption.

Windows 7 not so much. You need to push the profile down or manually configure ..

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

vijay kumar · ‎07-17-2013

Is there any other L2 security method that wont require the configuration on client side ?

George Stefanick · ‎07-17-2013

Sadly no unless you add or push a profile. We use Intel and have a profile on each device.

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Abhishek Abhishek · ‎07-17-2013

Hello Vijay,

As per your query i can suggest you the following solution-

PEAP authenticates wireless LAN clients using only server-side digital certificates by creating an encrypted SSL/TLS tunnel between the client and the authentication server. The tunnel then protects the subsequent user authentication exchange.

Follow these steps-

1.Open wifi settings

From the Home screen, press the Menu button and then select 'Settings'

2.Open Wireless & Networks

Select 'Wireless & networks'

3.Enable WiFi

If 'Wi-Fi' is Off, Select 'Wi-Fi'

4.Enter WiFi settings

Enter Wi-Fi settings

Select 'Wi-Fi settings'

5.Add SSID manually

Scroll to the bottom of the screen and select 'Add Wi-Fi network'

Enter HC_Secure in the Name field

6.Set Security

Select 'Security' drop-down menu and select '802.1x Enterprise'

7.Authentication (Phase 2)

Select 'Phase 2 authentication' drop-down menu and select 'MSCHAPV2'

Note: You may need to scroll down on the page to access the 'Phase 2 authentication' drop-down menu

8. Enter your Account

Enter your HC Network ID in the 'Identity' field and the password in the 'Wireless password' field

Note: You must scroll down on the page to access these fields

9.Save

Select the 'Save' button

Hope this will help you.

vijay kumar · ‎07-17-2013

Hi Abishek ,

Thanks for the reply . Actually i dont want to validate the serer site certifcate.And the problem is i dont want to configure these setttings in all the employee laptops , which is very difficult for us . We dont want IT team support for configuring wireless settings on employees laptop .

When the employee connects to broadcasted SSID, laptop should automatically find the security settings of that SSID.

Please help.

Thanks ,

Regards,

Vijay.