PEAP provides mutual authentication. The Client authenticates the RADIUS server using a certificate. To do this, you need to install a server cert on the RADIUS server. The Client just needs the Root cert for the CA that issued the Server cert. If you want to avoid deploying the Root cert on all your clients, get a cert for your server from a CA on the MS supported list. This way, the Root cert is already on your clients.
Remember that there are 2 forms of PEAP: Cisco & MS. The MS 802.1x Supplicant on WinXP uses MS PEAP. The Cisco Client uses Cisco PEAP. I believe that ACS 3.2 supports both. The main difference is what you want to use as a DB to authenticate your clients. If you want to use the AD DB for single sign on, use MS PEAP. Cisco PEAP uses OTP or smart cards.
You should be able to find information on the Cisco and MS web sites on how to configure ACS3.2, WinXP Client and Cisco APs.
You could also use Cisco LEAP which is U/P based. It is slightly less secure because it uses MS-CHAPv2 to perform authentication which is subject to dictionary attacks. As long as you have a strong password policy you should be OK. This is simpler to setup than PEAP. Since it uses the Cisco Client it'll also work on more OSs.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...