Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PEAP authentication problems..... HELP

Unanswered Question
Jul 17th, 2003
User Badges:

I have AP 1200's, ACS 3.1 and XP machines (all with SP1 or better) The laptop that I use, has a Cisco Aironet card (350) and works just fine. I can authenticate with NDS using LEAP or PEAP.

However, the new IBM machines using internal "high rate wireless LAN" cards aren't playing well with my network. I'm setting them up for our library, and none will pass authentication. They always fail.

I have imported a Thawte certificate into our ACS server. Can anyone please give me some advice?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
derwin Thu, 07/17/2003 - 19:59
User Badges:
  • Cisco Employee,

These "high rate" cards what standard are they ? 802.11a b or g ??

If they are 802.11a then you need a 802.11a radio installed in your AP1200 and it is configured as a seperate radio so you will need to also configure it in a similar way you have already for your 802.11b radio

If the cards are 802.11g then you need to makesure they are set to 11Mbps and are in compatable with 802.11b mode (should be by default but not all are) You then need to make sure these cards support 802.1x

If they are then run the EAP debugs on the AP to see what is happening

msheik Fri, 08/13/2004 - 17:42
User Badges:


Any luck? We have the same kind of issue when using IBM laptops with external/internal cisco client adapters -a/b/g. Any other make Laptops works fine.The 1200 Series APs are properly configured but we are using PEAP with Radius.Any advice? Thanks in advance.


scottmac Sat, 08/14/2004 - 05:49
User Badges:
  • Green, 3000 points or more

It may be that the laptops need Microsoft XP Service Pack 2.

I have some users with internal NICs (built-in / Centrino or similar) that wouldn't even pass with WPA-PSK (these were HP/Compaq). I checked the manufacturer web site and they specifically say that SP2 is needed for WPA.

I tested it with similar NICs in my own laptop. They wouldn't pass on SP1, and they hooked right up with SP2, even using the NIC vendor's application.

...and, for those that may not be aware, SP2 loads a new MS firewall and defaults it to "everything shutdown." Read about it and the other "features" on the MS site before loading SP2 so you'll know where to start chasing the problems. For the firewall, you can shut it down using a new icon in the control panel.



kristjan.edvardsson Mon, 08/16/2004 - 06:40
User Badges:

Hi, I have had similar issues before. I don´t remember the vendor, but in my case a software update on the AP did the trick for me.

regards. Kristjan CCNP

bloconnor Tue, 09/07/2004 - 11:47
User Badges:

PEAP will fail if the client is checking for a server cert and your ACS server doesn't have one.


This Discussion



Trending Topics - Security & Network