You can have Microsoft peap supplicant or Cisco Peap supplicant .
If you have windows 2000 OS , than if you load service pack3 , Microsoft peap supplicant is installed . On top of this if you install ACU 5.05 microsoft supplicant wil be overwritten by Cisco supplicant .
In case of XP , if you install service pack 1 , it will install microsoft peap supplicant , if you install ACU 5.05 it will be overwriteen by Cisco Peap supplicant .
Microsoft peap supplicant send eap-Chap in EAP tunnel and Cisco support EAP-GTC in eap tunnel .
with non cisco card it depends on which radius server and database you are running .
At present ACS 3.1 supports EAP-GTC so it will not interoperate with Microsoft supllicant . In later release ACS will have support for EAP-Chap so
that you can use 3rd party card with Microsoft supplicant and ACS3.2
One question, what is EAP-GTC? Not one I have come across before.
Also, we are looking at using the Odyssey supplicant from Funk, which has several options - PAP, CHAP, MS-CHAP, and EAP. Are any of these supported on ACS3.1? (clearly not MS-CHAP but what about the others?)
Q. What is the difference between the Microsoft PEAP supplicant and the Cisco PEAP supplicant?
A. Both supplicants support PEAP, but each supports different methods of client authentication through the TLS tunnel. The Microsoft PEAP supplicant supports client authentication by only MS-CHAP Version 2, which limits user databases to those that support MS-CHAP Version 2, such as Windows NT Domains and Active Directory. The Cisco PEAP supplicant supports client authentication by OTPs and logon passwords, enabling support for OTP databases from vendors (such as RSA Security and Secure Computing Corporation) and logon password databases (such as LDAP and Novell NDS) as well as Microsoft databases. In addition, the Cisco PEAP client includes the ability to hide user name identities until the TLS encrypted tunnel is established. This provides additional confidentiality that user names are not being broadcast during the authentication phase.
I didn't try this myself, but a colleague did. Using a Compaq (Agere) NIC and the Funk Odyssey client that ships with Evo Laptops or by from Funk, you can use EAP/LEAP and token cards (plus a whole lot of other stuff). Pull a 30 day eval from the Funk website. However Odyssey doesn't work with Cisco TKIP or MIC - see the install notes in the kit.
Also, if you use Windows XP, we found if you installed the Cisco Aironet client and drivers, these over write the XP 802.1x supplicant and give you more options - even with a Compaq NIC!!
XP supplicant does not work with ACS3.1 - you will need 3.2 which hasn't been released yet.
Thanks for that... I am going to try loading the Cisco Aironet drivers and ACU with a non-Cisco card, I will keep you posted!
Did you use the Funk Odessey client with the Odessey server/Steel belted RADIUS or with ACS? I don't think Funk support PEAP, as they developed TTLS along with Certicomm (I think!).
Your right in that the Microsoft PEAP supplicant is not supported in ACS 3.1 today, but will be in 3.2, which is released around May time. However, the Microsoft PEAP supplicant only allows the use of MS-CHAPv2 and Active Directory Authentication, there is no support for OTP's (e.g. SecureID). The only reason we waited around for PEAP was for the OTP support!!
We are moving! Please use WLCCA Forum for updates and discussions
[toc:faq] Wireless LAN Controller (WLC) Config Analyzer Download Click
here to Download To request access, send an e-mail to
firstname.lastname@example.org. Please include your Cisco.com userna...
[toc:faq] IntroductionHere is the step by step process that we have to
take care of while converting LWAPP to IOS and then vice versa..LWAPP to
IOSThe hardware used = 1141 AP (make sure we are using the right
[toc:faq] Introduction AnyConnect Secure Mobility Client 3.0: Network
Access Manager & Profile Editor on Windows Summary Use the Cisco
AnyConnect Network Access Manager Profile Editor to build custom
profiles for the AnyConnect Secure Mobility Client. App...