I got this working yesterday and it was pretty straightforward, although I did have most of the groundwork in place beforehand.
You need a RADIUS Server - I used the one supplied with Windows 2000 Server (IAS). You also need a Certificate Authority to publish certificates; the RADIUS Server needs one as well as each of the handhelds. Again I used the CA supplied with W2K.
To get the certificate on the PocketPC you need to get hold of the Certificate Enrollment tool from MS. You can either compile it from the SDK or download it from HP's website (software and drivers for iPAQ 5400/5500 for Windows Mobile 2003). The documentation supplied with the tool is a bit ambiguous and you need to make sure either a 'User' or 'Computer' certificate is requested, NOT what it says in the notes.
It all worked pretty much straight away - I had to play around with a few things but nothing too complex. I am using a Cisco 340 AP running VxWorks 12.0(3)T and an iPAQ 5450 running Windows Mobile 2003.
I just got PEAP running using the ACS and 1200. I was able to test it with a laptop but have not been able to have the iPAQ get the certificate. I keep receiving an error that the template is not correct.
I talked with someone else who was able to make it work but without using the domain, but my site uses the domain to authenticate. I think the iPAQ cannot receive the certificate since it is not registered yet.
PEAP does not require client-side certificates, just server certificates. As long as your PDA has the appropriate root certificate installed (just sync it over and click on it, no special tools necessary) you should be able to connect as long as your PEAP is running correctly in the first place.
I had some trouble getting my iPAQ connected, but it turned out that the root certificate load that came preinstalled had an obsolete version of the Verisign certificate I needed. Updated that and I was online.
Perhaps the root cert file is not in a format your PDA recognizes. Try importing that cert into Internet Explorer on your desktop/laptop, then export the certificate from IE in X.509-DER, and see if the reformatted cert works better for you.
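The format check suggested in the last reply, as an added example that is not part of the original thread: it detects whether a root certificate file is PEM (Base64 text) or binary DER, normalizes it to DER, and verifies that the outer ASN.1 length matches the file size before the file is copied to the handheld. The function names and the sample bytes are constructed for illustration; the sample is filler with a valid DER header, not a real certificate, and the script does not parse X.509 fields.

```python
import base64
import binascii
import re
import sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_total_length(data):
    """Length (header + body) declared by the outer DER SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE tag (0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if not 1 <= n <= 4 or len(data) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def to_der(raw):
    """Return (detected_format, der_bytes) for a PEM or DER certificate file."""
    match = PEM_RE.search(raw)            # tolerates text before/after the block
    if match:
        try:
            body = b"".join(match.group(1).split())   # drop CR/LF and spaces
            der, fmt = base64.b64decode(body, validate=True), "pem"
        except binascii.Error as exc:
            raise ValueError(f"corrupt Base64 in PEM block: {exc}") from exc
    else:
        der, fmt = raw, "der"
    if der_total_length(der) != len(der):
        raise ValueError("truncated file or trailing data after the certificate")
    return fmt, der


# Constructed sample: a 300-byte SEQUENCE of filler, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_PEM = (b"subject=constructed example\r\n-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).replace(b"\n", b"\r\n")
              + b"-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    if len(sys.argv) == 3:                # usage: script.py in.cer out.cer
        with open(sys.argv[1], "rb") as src:
            fmt, der = to_der(src.read())
        with open(sys.argv[2], "wb") as dst:
            dst.write(der)
        print(f"input was {fmt.upper()}, wrote {len(der)} bytes of DER")
    else:
        print(to_der(SAMPLE_PEM)[0], to_der(SAMPLE_DER)[0])
```

A length mismatch usually means the file was cut short or altered in transfer, so compare the certificate thumbprint on the device with the one shown on the CA before trusting it.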