I have a customer that must perform a LEAP to PEAP migration. The good thing is that all of the back end authentication is SecureACS, so it can do both. We're using a 4404 WLC with approx. 25 APs. The customer doesn't have centralized management for the clients, so there's no clear upgrade and/or migration path. As laptops come in to the company's repair center, they'll have the profile changed. With that having been said, I have created two different profiles with the same SSID name, but with the security settings for LEAP on one and PEAP on the other. Since the clients only have LEAP or PEAP configured, not both, should this work? I have errors on some of the clients, but it's not clear as to whether or not my config is to blame. The two SSIDs collapse to the same VLAN - will I really see any improvement by placing the users on different VLANs? Or is the recommended practice two different SSIDs and VLANs altogether? Of course I've seen documentation on the latter, and it would seem that no one has considered the rather unusual constraints of my customer insomuch that they don't have a clear cut-over procedure in place (making the two SSID/VLAN approach a no-brainer). I guess I'd like a general consensus as to whether or not it's appropriate for me to demand the recommended hard cut-over since my customer is very reluctant to put forth the effort to do so.
There is no need to have 2 SSIDs the same, one for PEAP and one for LEAP. In fact, you can have 1 SSID and do both LEAP and PEAP on it.
The controller has no idea what 802.1x EAP type you used, right? When you programmed the controller, you didn't state which EAP to use or not to use; you simply stated 802.1x.
The controller hands off all requests to the ACS. So if your ACS is configured with both LEAP and PEAP, it will dish out LEAP first. If the client is configured for PEAP, the client will respond with a NAK frame with the ID for PEAP. The ACS will then respond to the client with a PEAP request.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
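The LEAP-then-NAK-then-PEAP negotiation described in the reply above, as an added example that is not part of the original thread: it decodes EAP packets using the RFC 3748 header layout and reports which method each client ended up answering with, which is one way to track how many laptops still authenticate with LEAP during the migration. The function names and the sample exchanges are constructed for illustration; the method type numbers (Nak 3, LEAP 17, PEAP 25) are the IANA-registered values.

```python
import struct

# EAP codes and method types (RFC 3748 and the IANA EAP registry)
REQUEST, RESPONSE = 1, 2
IDENTITY, NAK, LEAP, PEAP = 1, 3, 17, 25
NAMES = {IDENTITY: "Identity", NAK: "Nak", LEAP: "LEAP", PEAP: "PEAP"}

def build_eap(code, ident, eap_type, data=b""):
    """Encode Code, Identifier, Length, Type, Type-Data (hypothetical helper)."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def parse_eap(pkt):
    """Decode one EAP Request/Response; reject truncated or mis-sized packets."""
    if len(pkt) < 5:
        raise ValueError("EAP Request/Response needs at least 5 bytes")
    code, ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if code not in (REQUEST, RESPONSE) or not 5 <= length <= len(pkt):
        raise ValueError("malformed EAP Request/Response")
    return code, ident, eap_type, pkt[5:length]

def negotiated_method(packets):
    """Return (method, proposed) for one client's exchange.

    method: first type the client answered with other than Identity or Nak.
    proposed: method names the client asked for in Legacy Nak responses."""
    proposed = []
    for pkt in packets:
        code, _, eap_type, data = parse_eap(pkt)
        if code != RESPONSE or eap_type == IDENTITY:
            continue
        if eap_type == NAK:
            # Each Type-Data byte of a Legacy Nak is one desired method type.
            proposed += [NAMES.get(t, str(t)) for t in data]
            continue
        return NAMES.get(eap_type, str(eap_type)), proposed
    return None, proposed

# Constructed sample exchanges; method payloads are placeholder bytes.
PEAP_CLIENT = [
    build_eap(REQUEST, 1, IDENTITY),
    build_eap(RESPONSE, 1, IDENTITY, b"alice"),
    build_eap(REQUEST, 2, LEAP, bytes(8)),       # server offers LEAP first
    build_eap(RESPONSE, 2, NAK, bytes([PEAP])),  # client asks for PEAP instead
    build_eap(REQUEST, 3, PEAP, bytes(1)),       # server switches to PEAP
    build_eap(RESPONSE, 3, PEAP, bytes(1)),
]
LEAP_CLIENT = PEAP_CLIENT[:3] + [build_eap(RESPONSE, 2, LEAP, bytes(24))]

if __name__ == "__main__":
    for name, exchange in (("peap-laptop", PEAP_CLIENT), ("leap-laptop", LEAP_CLIENT)):
        print(name, negotiated_method(exchange))
```

A client reported as `LEAP` accepted the server's first offer and has not been reprofiled yet; a client reported as `PEAP` with `PEAP` in its proposed list went through the NAK step the reply describes.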