The most important information is something you didn't provide: What is the wireless software that you are using to connect to the wireless network? Are you using the 3COM wireless NIC software that comes with the card or are you trying to use a Microsoft built-in client?
Anyway, the only config that has worked for me for machine auth is Windows XP SP2 with several hotfixes (NOT security patches), ACS 3.3(3) minimum, the Microsoft zero config client, and the correct configuration all around. Really doesn't matter if your server infrastructure and certsrv is Win 2000 or 2003.
May I ask why you are insisting on using Windows 2000 on the clients? (What year is it, 2007?)
@ rseiler: right now, we are using the 3Com WLAN Manager, which is ok for our current setup. But I already tried to change 1 testing workstation's settings to several types of encryption & PEAP authentication, without success. When the computer starts no IP is assigned by DHCP and users are able to initially work offline. After somebody with a local/cached profile logs on, the 3Com WLAN Manager connects and after that everything works "fine". But this is not acceptable. The 3Com WLAN Manager has several settings for pre-logon, after-machine-bootup options, but I didn't notice any change after trying all of them in several combinations. But this particular problem is probably better suited for 3Com forums/support.
I also tried the Microsoft client, which has limited options. The problem with W2K is that no wireless settings can be changed within the Microsoft supplicant. What I achieved here is to first set 3Com WLAN Manager for correct encryption settings, SSID etc., then disable it and use Microsoft's supplicant instead. This works really well, but I have tested it only with dynamic WEP + PEAP + IAS W2K as I read somewhere in Cisco documents that W2K has no direct support for higher encryption.
As for why still Windows 2000 in year 2007 - it's company policy, which is set by the central IT department, and actually W2K is enough for almost everything we need. Some of the workstations we use for only 1 specific task which doesn't require much horsepower, and the HW of these machines couldn't cope with XP's demands. Buying new machines for such a task doesn't sound right. We will have to go with XP though, because new versions of applications we use are just plainly requesting XP during install.
Are there any 3rd party PEAP supplicants which also support machine auth for the Windows platform, like Funk, Aegis (probably Cisco now :-) )?
Thanks for your reply, but I can't just throw 50 PCI A/B/G Wireless cards out of the window :-( They weren't cheap and I wouldn't get permission to buy another brand if the current ones are working "fine".
To use 3Com wasn't my decision either, I already inherited such setup.
Unfortunately I have to find a way to do it with what I have right now. I would probably get permission to buy a SW client for our WiFi clients, but I have no experience with 3rd party supplicants and I also don't know if some of them support machine authentication. As I already mentioned, I am able to run it also with 3Com set to PEAP and dynamic WEP, even if it is not the best setup I could get (still better than the current static WEP). This is the only one where GPO works fine. I'll try 3Com support and hopefully they will answer with something constructive.