https://community.cisco.com/t5/wireless/peap/m-p/489324#M25951 <P>Hi there.</P><P>I have setup EAP type authentication using MS-PEAP V2, everything works fine. The issue is when using PEAP, users must authenticate before network connection is established. However, this introduces another issue, I cannot for example, push a virus while the machine is logged out. I don't want to use LEAP. I need to use a strong a safe method while allowing me pushing updates when machines are logged out. Ant assistance is highly appreciated.</P><P></P><P>Thanks.</P><P></P><P></P> Sun, 04 Jul 2021 17:47:59 GMT ssumrein 2021-07-04T17:47:59Z https://community.cisco.com/t5/wireless/peap/m-p/489324#M25951 <P>Hi there.</P><P>I have setup EAP type authentication using MS-PEAP V2, everything works fine. The issue is when using PEAP, users must authenticate before network connection is established. However, this introduces another issue, I cannot for example, push a virus while the machine is logged out. I don't want to use LEAP. I need to use a strong a safe method while allowing me pushing updates when machines are logged out. Ant assistance is highly appreciated.</P><P></P><P>Thanks.</P><P></P><P></P> Sun, 04 Jul 2021 17:47:59 GMT https://community.cisco.com/t5/wireless/peap/m-p/489324#M25951 ssumrein 2021-07-04T17:47:59Z https://community.cisco.com/t5/wireless/peap/m-p/489325#M25953 <HTML><HEAD></HEAD><BODY><P>How about delpoying a STRUCTURED WIRELESS-AWARE NETWORK (SWAN)</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd800fad5c.html" target="_blank">http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd800fad5c.html</A></P></BODY></HTML> Tue, 31 May 2005 12:35:46 GMT https://community.cisco.com/t5/wireless/peap/m-p/489325#M25953 ebreniz 2005-05-31T12:35:46Z https://community.cisco.com/t5/wireless/peap/m-p/489326#M25954 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You could always configure IAS to allow computer authentication, based on if the computers are in the domain or not.</P><P></P><P>That way, the computers would be authenticated to the access point before user authentication would take place.</P><P></P><P>I would think that having user authentication combined with computer authentication configured in IAS would be best option to allow access to the wireless domain.</P><P></P><P>Regards</P><P>Andri</P><P></P></BODY></HTML> Tue, 31 May 2005 12:58:34 GMT https://community.cisco.com/t5/wireless/peap/m-p/489326#M25954 andri 2005-05-31T12:58:34Z https://community.cisco.com/t5/wireless/peap/m-p/489327#M25956 <HTML><HEAD></HEAD><BODY><P>Hi Andri, </P><P></P><P>what are the prerequisites for this solution. Is it necessary to install a ca ??</P><P>I have to configure a this scenario with AP 1232. For RADIUS there is an IAS or CSACS Server installed. I don´t know if i have to install a CA for machine authentication. Our users have to authenticate with the AD.</P><P></P><P>Thanks for support, </P><P></P><P>Kind regards</P><P></P><P>Armin</P></BODY></HTML> Fri, 03 Jun 2005 07:03:55 GMT https://community.cisco.com/t5/wireless/peap/m-p/489327#M25956 armin.kraus 2005-06-03T07:03:55Z https://community.cisco.com/t5/wireless/peap/m-p/489328#M25957 <HTML><HEAD></HEAD><BODY><P>Yes, the ACS or IAS would have to have a server certificate, either install your own CA or buy a certificate from a CA vendor. Then you would have to decide if client authentication would be MSCHAP or certificates.</P><P></P><P></P><P>The newer versions of ACS can generate a self signed certificate also.</P><P></P><P>Regards</P><P>Andri</P></BODY></HTML> Fri, 03 Jun 2005 08:35:59 GMT https://community.cisco.com/t5/wireless/peap/m-p/489328#M25957 andri 2005-06-03T08:35:59Z