Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.
During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.
We apologize for the inconvenience while we perform important updates to the Community.
I've setup my 1130ag like the cisco walkthrough for wpa2 support. When I try to connect with my Thinkpad R60 with XP SP2 (with wpa2 hotfix) or my Acer with Vista, it just keeps popping up the credentials prompt. If I switch to WPA2-PSK, they both work fine.
All the event log shows is the machine failed authent. Anybody have any thoughts?
What type of encryption are you trying to do? 802.1x or Pre-shared?
Sounds like your RADIUS server isn't matching on the right attributes. Look in your RADIUS server detail log to understand why it is denying the login.
Not knowing how you set this up, have you looked at this doc: http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml
Using the internal RADIUS server, it works fine with the Intel ProSet software. When I use the XP utility, it just keeps prompting and the "Unknown Usernames" and "Invalid Packet from NAS" counters go up. I've tried with a vista laptop and get the same thing. The username success/fail counters don't incriment except for the success's with the Intel utility.
I've set fast reconnect, unchecked verify server and user computer/user info to login. It looks like Microsoft doesn't play nice with WPA2 Enterprise.
been a while since I used an autonomous AP for local EAP authentication...but I don't remember it accepting PEAP auths...M$ WZC won't do LEAP or EAP-FAST, right? Think you may have an EAP-type mismatch...
That is correct.... MS WZC doesn't support LEAP of EAP-FAST not PEAP-GTC. When you say you can use the Intel PROset, what is your configuration there.
The Intel client is set to Enterprise Security, network auth is wpa2-ent, data encryption is aes-ccmp, authent type is leap, and my username/password.
Is there any way to get windows xp/vista to natively work with wpa2 ent on a cisco ap? Or is a suplicant like Intel's required?
A suplicant is required. The only way you can have Windows XP/Vista to work with WPA2-Enterprise is to configure PEAP or use EAP-TLS. Instead of setting the auth to LEAP, you would set it to PEAP or EAP-TLS. A radius server is required and a server side cert for PEAP. If using EAP-TLS, a server and client side cert is required.
What a PITA! I was hoping Microsoft would get their "better security" right for a change :) Guess I'll setup that radius server I was hoping to avoid. Thanks for all the help guys!