Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

wpa2/peap on 1230

Our company will soon roll out wireless (5500 controller and 1140 APs), we're going to utilize PEAP to authenticate agains Active Directory.  To test things out, i used an old Aironet 1230 ap and a Win2k radius server.  I was able to set up PEAP authentication, and my client, both a XP laptop and a Blackberry connected successfully but only with 128 bit WEP.  It does not work with WPA/WPA2.

It seems like a client problem, perhaps on the client.  "Enable IEEE 802.1x authentication for this network" setting is greyed out if I select WPA or WPA2.  However, my Blackberry won't connect either, unless WEP is selected as the cipher.

What am I doing wrong?

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: wpa2/peap on 1230

802.1x is for WEP encryption.  If that is what you want to use with PEAP then you need to configure your client with Open and WEP, then you can select 802.1x.  This would still allow you to use PEAP/LEAP/EAP-FAST.

If you want to use WPA/WPA2 encryption then select WPA/WPA2, then choose PEAP or Smart Card or Certificate.  Since you choose WPA/WPA2 you are not needing 802.1x WEP.

What you are seeing is the proper way the client should function.  On that first page you are defining the way that the data is going to be encrypted.

I hope this clears things up for you.

Please remember to rate for answers that help.

Seth

5 REPLIES
Cisco Employee

Re: wpa2/peap on 1230

Whats the clients supplicant that we are using?? if we use WPA or WPA2 Enterprise.. then we will ge tthe option of selecting what type of EAP flavour..

try using CSSC or Intel proset and lemme know how this works out for you!!

Regards
Surendra

Community Member

Re: wpa2/peap on 1230

On the windows client you would select WPA or WPA2 with the appropriate encryption, TKIP or AES.  Then under the authentication tab you will select PEAP and then customize its options such as wether you want to verify server certificate, use DOMAIN information and such.

Seth

Community Member

Re: wpa2/peap on 1230

I am using the default supplicant on Windows XP SP3.

Yes, that is what I attempted, I selected WPA2 then AES (the correct cypher on my AP), then clicked on authentication tab.  That's where I have the problem.  I see that "Enable IEEE 802.1x authentication for this network" is greyed out.  If I change the cipher to WEP, then I am able to enable it.

Community Member

Re: wpa2/peap on 1230

802.1x is for WEP encryption.  If that is what you want to use with PEAP then you need to configure your client with Open and WEP, then you can select 802.1x.  This would still allow you to use PEAP/LEAP/EAP-FAST.

If you want to use WPA/WPA2 encryption then select WPA/WPA2, then choose PEAP or Smart Card or Certificate.  Since you choose WPA/WPA2 you are not needing 802.1x WEP.

What you are seeing is the proper way the client should function.  On that first page you are defining the way that the data is going to be encrypted.

I hope this clears things up for you.

Please remember to rate for answers that help.

Seth

Community Member

Re: wpa2/peap on 1230

You're right about the client.

I'm not exactly sure what settings it was that finally made the WPA2/CCMP/RADIUS/PEAP combination work, but now all my test clients (blackberry, XP, iPhone, and MacBook) did request a username in addition to the password.  It was offered the server cert, then joined.  Thanks everyone.

Just for the record, on the AP side, my settings were as follows:

ENCRYPTION MANAGER:

Cipher -> AES CCMP

SSID MANAGER:

Open Authentication -> with EAP

Network EAP ->

Key Management -> Mandatory -> checked "WPA"

622
Views
0
Helpful
5
Replies
CreatePlease to create content