<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: radius in Wireless</title>
    <link>https://community.cisco.com/t5/wireless/radius/m-p/846558#M213636</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;but what if the guy takes another laptop changes the mac and copy the certificate (if possibe dont know) and log with his username and password. would it work?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Wed, 17 Oct 2007 19:07:20 GMT</pubDate>
    <dc:creator>daveman007</dc:creator>
    <dc:date>2007-10-17T19:07:20Z</dc:date>
    <item>
      <title>radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846547#M213625</link>
      <description>&lt;P&gt;hallo i have version 3.2.78 on my wlc 4402 and i want to configure it for EAP-TLS. it should be secured by 802.1x and wpa2 but i dont know how to do it properly over the webinterface. every suggestion is appreciated.&lt;/P&gt;</description>
      <pubDate>Sat, 03 Jul 2021 21:47:12 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846547#M213625</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2021-07-03T21:47:12Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846548#M213626</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Dave,&lt;/P&gt;&lt;P&gt;Please check this link,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917a6.shtml" target="_blank"&gt;http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917a6.shtml&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;~JG&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Please rate helpful posts&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 12:00:48 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846548#M213626</guid>
      <dc:creator>Jagdeep Gambhir</dc:creator>
      <dc:date>2007-10-17T12:00:48Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846549#M213627</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;So you want to use EAP-TLS instead of PEAP.  I other words, you want a certificate on each device.  Here is a link that might help:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917a6.shtml#t20" target="_blank"&gt;http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917a6.shtml#t20&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I have always used WPA2 w/PEAP MSChapv2 and a single certificate on the radius server.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;You should maybe upgrade to 4.1.185.0, just in case:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805f381f.shtml" target="_blank"&gt;http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805f381f.shtml&lt;/A&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 12:05:18 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846549#M213627</guid>
      <dc:creator>Scott Fella</dc:creator>
      <dc:date>2007-10-17T12:05:18Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846550#M213628</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi thx for replies.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Why would you recommend me peap wit mschapv2 rather than eap-tls.&lt;/P&gt;&lt;P&gt;my problem in addition is that i cant update my wlc 4402 because i am out of warranty.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 17:50:34 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846550#M213628</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2007-10-17T17:50:34Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846551#M213629</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;The reason for single side server certs is for you head. If you have to deal with all those client certs and manage them every single time a device is lost or stolen, your head will explode. By using PEAP or even the old legacy LEAP, you don't have that headache. Simpler management=fewer tylenols taken.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 18:07:43 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846551#M213629</guid>
      <dc:creator>dennischolmes</dc:creator>
      <dc:date>2007-10-17T18:07:43Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846552#M213630</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;but the headache for Security lack will i have it or is it more or less the same security level. &lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 18:12:55 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846552#M213630</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2007-10-17T18:12:55Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846553#M213631</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Exactly.... I worked on a project once doing eap-tls......NEVER AGAIN.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;You have to look at it this way.  Do you have a Root CA configured.  If you do or you don't, you should see what MS best practice for having a CA... You will need Excedrin for tension headaches.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 18:25:45 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846553#M213631</guid>
      <dc:creator>Scott Fella</dc:creator>
      <dc:date>2007-10-17T18:25:45Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846554#M213632</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I have to reach the result that the guys (students)using their (schoolowned)notebooks  are not able to insert other personal notebooks. Is peap good for that?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;So using peap how do i have to configure the stuff f.i. my CA?   &lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 18:34:14 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846554#M213632</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2007-10-17T18:34:14Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846555#M213633</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;That's a whole different scenario now. I would probably utilize PEAP for authentication and a MAC filter for association purposes. You could also validate a machine against RADIUS but again that could turn into a lot of work. Either way, the machine would be controlled and authentication would take place at a much more secure level.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 18:48:12 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846555#M213633</guid>
      <dc:creator>dennischolmes</dc:creator>
      <dc:date>2007-10-17T18:48:12Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846556#M213634</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;i heard mac filters are not secure because the mac can be changed.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 18:55:16 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846556#M213634</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2007-10-17T18:55:16Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846557#M213635</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;OK. Let's talk security here. The mac filter is not security. It is a method to dictate which laptop is allowed to associate to your access point. After the laptop has associated the user logs in to the network via PEAP and is authenticated. If the authentication fails, the user is not allowed a session on the network. This protects you if somebody steals the laptop they can't login to the network because their authentication fails. Never uses MAC filters as security, only access control. &lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:02:04 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846557#M213635</guid>
      <dc:creator>dennischolmes</dc:creator>
      <dc:date>2007-10-17T19:02:04Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846558#M213636</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;but what if the guy takes another laptop changes the mac and copy the certificate (if possibe dont know) and log with his username and password. would it work?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:07:20 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846558#M213636</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2007-10-17T19:07:20Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846559#M213637</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;hmmmm changes the MAC. That CAN be done but only by a very experienced computer guy and the laptop has to be using a flavor of linux. Windows OS does not allow for modification of mac addresses. Even if he gets access to the MAC he doesn't have the logon credentials to defeat your PEAP authentication. So what has he gained? A whole lot of work for absolutely no reward. I'm just trying to make life easy for you here. Certificates will work as well but Jeez at the headaches of managing certificates.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:14:36 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846559#M213637</guid>
      <dc:creator>dennischolmes</dc:creator>
      <dc:date>2007-10-17T19:14:36Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846560#M213638</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Here is the configuration for using PEAP to authenticate the machine instead of the user.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml" target="_blank"&gt;http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:17:05 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846560#M213638</guid>
      <dc:creator>dennischolmes</dc:creator>
      <dc:date>2007-10-17T19:17:05Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846561#M213639</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;ok will do. so you would not recommend eap-tls because of the huge amount of more work. and the same security level.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The peap mschapv2 just works only the certificate commponent doesnt work so i have to work on this.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:27:39 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846561#M213639</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2007-10-17T19:27:39Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846562#M213640</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;It's what I would do. This keeps you free to do other things with your time.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:30:29 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846562#M213640</guid>
      <dc:creator>dennischolmes</dc:creator>
      <dc:date>2007-10-17T19:30:29Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846563#M213641</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;i know sure it is my first wlan with cisco and radius so i had to speak with some who just did it.&lt;/P&gt;&lt;P&gt;i have to speak about it with my employer i suppose he wants tls anyway&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:39:23 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846563#M213641</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2007-10-17T19:39:23Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846564#M213642</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Good luck in either way you choose to proceed.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:41:22 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846564#M213642</guid>
      <dc:creator>dennischolmes</dc:creator>
      <dc:date>2007-10-17T19:41:22Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846565#M213643</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;i know sure it is my first wlan with cisco and radius so i had to speak with some who just did it.&lt;/P&gt;&lt;P&gt;i have to speak about it with my employer i suppose he wants tls anyway&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:44:07 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846565#M213643</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2007-10-17T19:44:07Z</dc:date>
    </item>
    <item>
      <title>Re: radius</title>
      <link>https://community.cisco.com/t5/wireless/radius/m-p/846566#M213644</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;thx dennis&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;last question about mac filtering because i'll do it independently of the eap version.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;So mac filtering means register all macs in my wlc and look which of them is looged with wich username f.i.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 17 Oct 2007 19:47:18 GMT</pubDate>
      <guid>https://community.cisco.com/t5/wireless/radius/m-p/846566#M213644</guid>
      <dc:creator>daveman007</dc:creator>
      <dc:date>2007-10-17T19:47:18Z</dc:date>
    </item>
  </channel>
</rss>

