
Wireless PEAP w/ ACS 3.1 & RSA Secure ID 5.0 on XP & W2K

jcremer
Level 1

I want to auth the W2K Client at Cisco AP (newest rel.) by PEAP.

I have

- AP 350

- Cisco W-Card

- Lucent W-Card

- Symbol W-Card

- WIN XP

- WIN2K

- RSA Secure ID Server 5.0

The ACS already has a cert. created by Windows CA - that's OK.

Secure ID can auth Routers / Switches by ACS

What are the settings in AP to communicate with ACS for PEAP w/ TACACS

- Port #49 ?

- EAP + 1.WEP key + ?

Can the 2nd Auth line be a W2K Server, where the ACS is connected, instead of RSA Secure ID?

I heard that W2K / XP with SP1 causes problems regarding PEAP for non-Cisco cards, because some DLLs are exchanged and don't support MSCHAP-V2. How does this work in detail?

ciao

Jens

1 Reply

sbilgi
Level 5

1. To get information about the settings in AP to communicate with ACS for PEAP w/ TACACS, you can go through the following URL:

http://www.cisco.com/en/US/products/hw/wireless/ps4555/products_installation_and_configuration_guide_chapter09186a008015486c.html

2. Since Microsoft uses PEAP-MSCHAPV2 and Cisco uses PEAP-GTC (generic token card), PEAP will not work from Win2K SP1/3 client through Cisco Secure ACS 3.1. Both MS and Cisco support PEAP, but each supports different methods of client authentication through the TLS tunnel. The Microsoft PEAP supplicant supports client authentication by only MS-CHAP Version 2, which limits user databases to those that support MS-CHAP Version 2, such as Windows NT Domains and Active Directory. The Cisco PEAP (GTC) supplicant supports client authentication by OTPs and logon passwords, enabling support for OTP databases from vendors and logon password databases as well as Microsoft databases. In addition, the Cisco PEAP client includes the ability to hide user name identities until the TLS encrypted tunnel is established. This provides additional confidentiality that user names are not being broadcast during the authentication phase. But, MS XP with no service pack should support the Cisco PEAP
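The inner-method mismatch described in the reply above, as an added example that is not part of the original thread and not Cisco or Microsoft code. It models only the phase-2 EAP exchange (RFC 3748 packet layout and type numbers, Legacy Nak); the TLS tunnel is omitted, full EAP headers are assumed inside it, and the function names and the `<credentials>` payload are hypothetical.

```python
import struct

# EAP method type numbers (RFC 3748 / IANA EAP registry)
NAK, GTC, MSCHAPV2 = 3, 6, 26
REQUEST, RESPONSE = 1, 2
NAMES = {GTC: "EAP-GTC", MSCHAPV2: "EAP-MSCHAPv2"}

def build_eap(code, ident, eap_type, data=b""):
    """Code(1) | Identifier(1) | Length(2, whole packet) | Type(1) | Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def parse_eap(pkt):
    if len(pkt) < 5:
        raise ValueError("short EAP packet")
    code, ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if length < 5 or length > len(pkt):
        raise ValueError("bad EAP length")
    return code, ident, eap_type, pkt[5:length]

def supplicant_reply(request, supported):
    """Inner-method answer of a supplicant that implements only `supported`."""
    _, ident, eap_type, _ = parse_eap(request)
    if eap_type in supported:
        # Constructed placeholder payload, not a real credential exchange.
        return build_eap(RESPONSE, ident, eap_type, b"<credentials>")
    # Legacy Nak: data lists the methods the peer would accept instead.
    return build_eap(RESPONSE, ident, NAK, bytes(sorted(supported)))

def negotiate_inner(server_methods, client_methods):
    """Return the agreed inner method name, or None if phase 2 cannot start."""
    offered = set()
    method = server_methods[0]
    for ident in range(1, len(server_methods) + 2):
        offered.add(method)
        request = build_eap(REQUEST, ident, method)
        _, _, rtype, data = parse_eap(supplicant_reply(request, client_methods))
        if rtype != NAK:
            return NAMES.get(rtype, str(rtype))
        # Server may retry only with a method it implements and the peer listed.
        retry = [m for m in server_methods if m in data and m not in offered]
        if not retry:
            return None
        method = retry[0]
    return None
```

`negotiate_inner([GTC], {MSCHAPV2})` returns `None`, which is the GTC-only server and MS-CHAP-V2-only supplicant pairing the reply describes. A server list containing both methods is a hypothetical configuration shown for contrast.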
