Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PEAP wireless authentication

Has anyone successfully implemented a PEAP wireless solution? I have PAEP authentication working with a client using Cisco ACS 3.1 and authenticating with OTP (SecureID). Everything works great, except that when the user logins into windows 2000 the first time after booting up the pc, they are logging in with a cached account. This is due to the fact that the cisco interface in which you enter your username and passcode does not appear untill after logging into windows. Is there a way to authenticate the wireless network conneciton before logging into the windows domain?

3 REPLIES
New Member

Re: PEAP wireless authentication

Hi,

I am very sorry to say that you are in a problem.

I was at the same situation in aproject i had, and I was forced to change the equipment to one that work with EAP standart, 802.1x. as you know, cisco aironet works with PEAP/ LEAP, which are not fully compatible.

sorry...

New Member

Re: PEAP wireless authentication

We ended up going with authentication through Microsoft IAS with the client-side peap support supplied by the Microsoft XP and 2000 supplicants. There were a few issues with password exiprations that required a MS pre-SP4 hotfix and we may have found a bug in the 12-series code for APs that may be throwing bad RADIUS packets at IAS after a password change... 11.56 code appears to work beautifully though. The client PC logs in as a computer before the user's login occurs...

New Member

Re: PEAP wireless authentication

I am also having the same issues with PEAP not authenticating prior to domain authentication. LEAP works correctly but I told I need the added security of the SSL tunnel (the EAP-TLS part of PEAP). If PEAP authentication cannot occur before domain authentication, it there a way to make it authenticate imidiately afterwards. It seems the client sits associated to the AP and never tries to authenticate till traffic is passed. This presents a bad user expirence.

I am running a AP1100 with Aironet 350 PCMCIA cards, and Secure ACS as the authentication server.

Thanks

CS

203
Views
4
Helpful
3
Replies