cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
884
Views
0
Helpful
4
Replies

Setup EAP-PEAP on WLAN Controller using IAS?

bwillougbhy
Level 1
Level 1

I am seriously stuck. I have spent the past week trying to get EAP-PEAP MSChap to work using a WLAN 4402 controller. I cannot find any documentation on how to propperly set up the WLAN controller to do this. I have gone through over 500 pages of microsoft documentation on how to setup IAS and a certificate server. I believe that this part is working right. I dont believe that the WLAN controller is properly handeling authentication requests. WLAN controller is currently set to WAP2(802.1x), Radius Auth and Accounting servers IP's are set and pingable. Does anyone know of any good documentation to configure WLAN controller to do this?

WLAN Controller Log Reads:

[SECURITY] 1x_auth_pae.c 2367: Reached Max EAP-Identity Request retries (21) for STA xx:xx:xx:xx:xx:xx

Tue Nov 7 08:41:07 2006 [ERROR] dot1x_msg_task.c 357: mscb not found for STA xx:xx:xx:xx:xx:xx - unable to process 802.1x event 4

Tue Nov 7 08:41:07 2006 Previous message occurred 3 times

Thanks in advance...

4 Replies 4

Stephen Rodriguez
Cisco Employee
Cisco Employee

best source for documentation, setup guides

http://wireless.dweezle.org

And he has one there specifically for PEAP setup to an IAS server. Very nice walk through on it.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

I have actually already looked through this power point. It is great information for setting up the IAS server. I believe that the IAS server is set up correct. I am looking for documentation on how to set up the WLAN controller /Client for RADIUS PEAP authentication and accounting.

Here are my current WLC settings

Radius accounting IP (enabled)

Radius authentication IP (enabled)

WLAN SSID WAP(802.1x) (enabled)

Client Settings

Authentication WAP

Data Encryption AES

EAP Type : Protected EAP(PEAP)

Authenticate when Computer Info available =true

Any help is much appreciated!

on the WLAN, (4.0 controller) Change to WPA + WPA2, select your AAA servers, and under the WPA selection, set it for AES and key management 802.1x.

3.2 Change to WPA2, and select your AAA server, do not check WPA compatability, unless you want normal WPA, and don't check pre-shared key mode.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

I am finally getting a chance to get back to this issue. I do not know what version I am running (Brand new 4402 WLAN controller). However the 3.2 steps seemed to make sense. I am fairly confident that the Authentication request isn't even making it to the IAS server. I used Etherreal and saw no packets using the specified Radius ports. I keep turning back to the controller settings as being the cause of the issue.

More Details:

I have set up an interface on the WLAN controller using the 10.0.203.0/24 subnet. I have set up an Authentication / Accounting server up on the same subnet. My access points are broadcasting a SSID that uses DHCP to provide addresses on this same subnet.

Questions that I still have

1) Do I set up the WLAN controllers 10.0.203.X interface rather than the AP's interface in IAS under Radius Clients?

2.) What does the AAA overide do in the WLAN settings?

3.) Do I need to have the Use AES key wrap box checked under the Authentication server page?

4.)Do the Radius servers need to be on the same subnet as the managment interface to work properly?

5.)Do I need to create some sort of AP group or AP authentication group on the WLAN controller?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: