Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PEAP Question

I have AP 350 version 12.03T, 340 Series PCMCIA firmware version 5.20.17,

Windows 2003 Active directory domain and Windows 2003 IAS server. Client PC is Win XP, service pack 1.

I was looking into EAP-TLS versus PEAP. I understand that with EAP-TLS, you need a Certificate Authority. But after reading the numerous white papers and documents, I am confused with PEAP.

With PEAP, do I need a Certificate Authority? Is it optional? I really do not want to deal with CA if I don't have to. I just want wireless users to authenticate using Windows Active Directory domain accounts.

Has anyone done this with Windows 2003 Active Directory, PEAP, and IAS?

I would love to hear from you or obtain any documentation.

Thanks.

Ken

kagustin@dvc.edu

1 REPLY
Anonymous
N/A

Re: PEAP Question

PEAP with MS-CHAP v2 requires certificates on the IAS servers but not on the wireless clients. IAS servers must have a certificate installed in their Local Computer certificate store. Instead of deploying a Public Key Infrastructure (PKI), you can purchase individual certificates from a third-party certification authority (CA) to install on your IAS servers. To make sure that wireless clients can validate the IAS server certificate chain, the root CA certificate of the CA that issues the IAS server certificates must be installed on each wireless client.

187
Views
0
Helpful
1
Replies
CreatePlease to create content