Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Machine authentication stop working

We succeeded to setup  a Wireless LAN comprising: a 4404 Controller, 20 Access Points 1140 and an IAS server installed on Domain Controller

Each wireless machine with a personal certificate (issued to the computer account) authenticates (PEAP authentication with MS Radius Server for 802.1x) priory to the user authentication ( using Domain credential). Since one week, machines without a personal certificate are granted access to the wireless network. We cannot find out what have caused this change? Our aim is to grant access only to machines with personal certificate.

Please can you help

Everyone's tags (1)
3 REPLIES
Cisco Employee

Re: Machine authentication stop working

Peabody,

If you are just using PEAP, then all that is required is a certificate on the RADIUS server.  The clients would not have to have one in order to successfully authenticate. If you want to have the clients be forced to use certificates, then you are going to have to setup EAP-TLS on our IAS and not allow PEAP.

Thanks,

Lee

New Member

Re: Machine authentication stop working

We resolved the issue by re-creating the PEAP Policy on another DC running an IAS Server with the correct certificate but we were unable to diagnose the cause of this problem. All OK now  and we are planning to do the same with the pevious failed RADIUS server so it can act as a secondary RADIUS Server.

To Lee, thanks  for your reply. You can still use a computer certificate under PEAP  to tight the control on devices accessing your Wireless LAN. It's a mean to prevent any domain computer to be used to access the Wireless LAN.

Cisco Employee

Re: Machine authentication stop working

That is interesting. Thanks for posting the resolution.

Lee

636
Views
0
Helpful
3
Replies