New Member

ACS authentication with WiSM

Dear Friends,

I am presently deploying in a campus network of 2 WiSMs with 280 1250 APs.

Authentication is carried out by means of an ACS appliance, 1113. I have generated a certificate and installed it on the appliance itself.

Now the problem is that when a client tries to authenticate, it gets stuck at 'Validating identity', but when I manually install the certificate from ACS on the client machine, it works but disconnects after some time.

Any ideas / advice?

Thanks ,

Sid

6 REPLIES
Hall of Fame Super Silver

Re: ACS authentication with WiSM

What errors are you seeing on the ACS? Here is a guide that shows how to set up PEAP:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665d18.shtml

-Scott
*** Please rate helpful posts ***
New Member

Re: ACS authentication with WiSM

Hi ,

Thanks for the reply.

I get errors from the ACS appliance, something like 'EAP-TLS or PEAP authentication failed , incorrect handshake'

Regards,

SID

Silver

Re: ACS authentication with WiSM

What OS are your clients running?

If Windows XP and WPA2, then you need to add the profile by hand and not with double clicking on the SSID. Then you need to change several options in the settings dialog of this connection and after that you are able to connect and authenticate.

New Member

Re: ACS authentication with WiSM

Hi,

I have made the ACS 1113 self-signed certificate and installed it on the appliance itself.

After that, I have downloaded the certificate and manually installed it on the client PC, which is joined to the domain where the users exist.

Also I have checked on the ACS appliance, PEAP and MS-CHAP v1 and MS-CHAP v2.

As per instructions from Cisco examples and technotes, I have adjusted the settings in the WZC, in which I can find the certificate which has been installed.

It takes time to install and gets connected, but after some time it automatically gets disconnected and displays in the WZC as 'attempt to authenticate'.

At the same time, when I checked the ACS logs under failure attempts, I see the error shown something like

'Invalid SSL handshake ......'

Any clues/advice, please?

Sid

Hall of Fame Super Silver

Re: ACS authentication with WiSM

That error means the certificate is invalid. If you load a certificate on the client and on ACS you also have EAP-TLS enabled, then you are doing EAP-TLS authentication and not PEAP. Attach a screenshot of your ACS security settings page.

-Scott
*** Please rate helpful posts ***
New Member

Re: ACS authentication with WiSM

If you are using a self-signed cert then you need to either install the cert on every client you want to use PEAP on - or un-check the 'Validate server certificate' checkbox on the Windows client. Also, I uncheck 'automatically use my windows domain logon and password'; this way I have to type in the username / password and I know it will be correct.
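
The trust check behind the replies above, as an added example that is not part of the original thread: a client that validates the server certificate accepts a self-signed certificate only once that same certificate is in its trust store. It assumes the `openssl` command-line tool is available; the host names and file names are made up, and the certificates are generated on the spot as stand-ins for the ACS certificate.

```shell
#!/usr/bin/env bash
# Added example (constructed): server-certificate validation as a PEAP
# supplicant performs it when 'Validate server certificate' is enabled.
# All names below are made up; nothing here talks to a real ACS.

make_self_signed() {            # $1 = CN, $2 = output prefix
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1" -keyout "$2.key" -out "$2.pem" 2>/dev/null
}

is_self_signed() {              # $1 = cert; true when subject equals issuer
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

client_trusts() {               # $1 = server cert, $2 = client trust store (PEM)
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

demo() {
  local d; d=$(mktemp -d)
  make_self_signed "acs-demo.example.test" "$d/acs"       # stands in for the ACS cert
  make_self_signed "other-root.example.test" "$d/other"   # unrelated trust anchor
  is_self_signed "$d/acs.pem" && echo "server cert is self-signed"
  # Client that never imported the server cert: validation fails.
  client_trusts "$d/acs.pem" "$d/other.pem" || echo "fresh client: REJECT"
  # Client after the server cert was imported as a trusted root: validation passes.
  cat "$d/other.pem" "$d/acs.pem" > "$d/store.pem"
  client_trusts "$d/acs.pem" "$d/store.pem" && echo "client with cert installed: ACCEPT"
  rm -rf "$d"
}

demo
```

With validation switched off on the client, this check is skipped and either certificate would be accepted.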
