Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Steelbelt Radius, RSA SecurID, AP1232 and PEAP 802.1x implementation

I am new to the wireless 802.1x world and

I would like to setup 802.1x for my lab

with the following equipments:

1) Steelbelt (aka Juniper) radius server

version 6.0 running on Windows 2003 SP 2

Enterprise server. IP address of this

server is

2) RSA SecurID server version 6.2 running

on Windows 2003 SP 2 Enterprise Server.

IP address of the server is

3) I use steelbelt Odyssey CA server to

generate a certificate and assign it to

the steelbelt radius. I then configure

the Steelbelt radius for PEAP.

4) I integrate RSA SecurID with

steelbelt radius and it works. I verified

by setting up AAA authentication on

AP1232 and I can telnet to the Access

Point with an account I created on

the RSA SecurID server. Here is the config

on the AP1232:

aaa new-model

aaa authentication login FUNK group radius local

aaa authentication enable default enable

radius-server host auth-port 1812 acct-port 1813 key xxx

line vty 1

exec-timeout 0 0

accounting exec TAC

login authentication FUNK

When I log into the AP1232, it works as seen below:

[root@LinuxES root]# telnet


Connected to (

Escape character is '^]'.

User Access Verification

Username: test1



The IP address of the AP1232 is

5) The Windows 2003 Enterprise Server with ip address

of is also a AD server. It is also

running DNS, DHCP, WINS. Every services is running

and I've verified because I have "wired" Windows XP

machine and it can get IP address from the DHCP server.

6) I have a Windows XP Professional SP2 and I have a

Cisco Wireless NIC card. The card model is AIR-CB20A-A-K9.

I installed Steelbelt Odyssey wireless client on the

XP machine and it sees the cisco card.

7) I have an access point, AP1232, running IOS version

c1200-k9w7-mx.123-8.JEA1/c1200-k9w7-mx.123-8.JEA1. It

supports both A and G. I would like to set it up

to use wireless 802.1x for my wirless Windows XP

machine running odyssey wireless client.

Can someone help me how to this work with

802.1x PEAP in the most secure way? I've a basic

understanding of PEAP but the implementation

so far has been quite a challenge for me.Basically,

I would like to setup PEAP to use AES-CCM & TKIP, etc...

Here is the configuration of the AP1232.

Can some 802.1x experts help me out here? Thanks.

Attached is the configuration of my AP1232.


Re: Steelbelt Radius, RSA SecurID, AP1232 and PEAP 802.1x implem

I don't fine anything wrong in the configuration. Make sure access point is included as a client in Radius server and PEAP is enabled on Radius server. Both server and access point seems to have same ip address.

New Member

Re: Steelbelt Radius, RSA SecurID, AP1232 and PEAP 802.1x implem

I am using it as an example. Server and AP

have different IP address. Have you setup

these before? Thanks.

CreatePlease to create content