Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
sbe
New Member

bug? wlc, acs, peap & machine auth and intel wireless proset

customer has a wireless solution consisting of a AIR-WLC4402-50-K9 with software 4.0.206.0, several AIR-LAP1131AG-E-K9 Access Points , Cisco ACS 4.0, Windows 2003 Active Directory and a Microsoft CA.

WLC & ACS are configured for PEAP(MS-CHAPv2) plus machine authentication on acs.

on wlan-clients (mostly centrino-notebooks) this security solution configured with windows configuration service works fine...host AND user (both!) must successfully authenticate themselves against acs to gain access.

but with intel wireless proset-software version 11.1 it's enough to successfully authenticate as host OR user (not both!). this looks like a bug and is a really heavy security hole.

any ideas?

123
Views
0
Helpful
0
Replies
CreatePlease to create content