Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
466
Views
0
Helpful
5
Replies

PEAP authentication problems..... HELP

mbowling
Level 1
Level 1

‎07-17-2003 12:24 PM - edited ‎07-04-2021 08:52 AM

I have AP 1200's, ACS 3.1 and XP machines (all with SP1 or better) The laptop that I use, has a Cisco Aironet card (350) and works just fine. I can authenticate with NDS using LEAP or PEAP.

However, the new IBM machines using internal "high rate wireless LAN" cards aren't playing well with my network. I'm setting them up for our library, and none will pass authentication. They always fail.

I have imported a Thawte certificate into our ACS server. Can anyone please give me some advice?

Labels:
0 Helpful
5 Replies 5

derwin
Level 5
Level 5

‎07-17-2003 07:59 PM

These "high rate" cards what standard are they ? 802.11a b or g ??

If they are 802.11a then you need a 802.11a radio installed in your AP1200 and it is configured as a seperate radio so you will need to also configure it in a similar way you have already for your 802.11b radio

If the cards are 802.11g then you need to makesure they are set to 11Mbps and are in compatable with 802.11b mode (should be by default but not all are) You then need to make sure these cards support 802.1x

If they are then run the EAP debugs on the AP to see what is happening

0 Helpful

msheik
Level 1
Level 1

‎08-13-2004 05:42 PM

Hi,

Any luck? We have the same kind of issue when using IBM laptops with external/internal cisco client adapters -a/b/g. Any other make Laptops works fine.The 1200 Series APs are properly configured but we are using PEAP with Radius.Any advice? Thanks in advance.

MS

0 Helpful

scottmac
Level 10
Level 10
In response to msheik

‎08-14-2004 05:49 AM

It may be that the laptops need Microsoft XP Service Pack 2.

I have some users with internal NICs (built-in / Centrino or similar) that wouldn't even pass with WPA-PSK (these were HP/Compaq). I checked the manufacturer web site and they specifically say that SP2 is needed for WPA.

I tested it with similar NICs in my own laptop. They wouldn't pass on SP1, and they hooked right up with SP2, even using the NIC vendor's application.

...and, for those that may not be aware, SP2 loads a new MS firewall and defaults it to "everything shutdown." Read about it and the other "features" on the MS site before loading SP2 so you'll know where to start chasing the problems. For the firewall, you can shut it down using a new icon in the control panel.

FWIW

Scott

0 Helpful

kristjan.edvardsson
Level 1
Level 1
In response to scottmac

‎08-16-2004 06:40 AM

Hi, I have had similar issues before. I don´t remember the vendor, but in my case a software update on the AP did the trick for me.

regards. Kristjan CCNP

0 Helpful

bloconnor
Level 1
Level 1

‎09-07-2004 11:47 AM

PEAP will fail if the client is checking for a server cert and your ACS server doesn't have one.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card