Re: Can PEAP with IAS be achieved on a Cisco 877w or 1841W?

whiteford · ‎12-28-2007

Hi, I have got a Cisco 877w working in VPN mode on a DSL line I have to my Head Office. I have configured the wireless as well on WPA/TKIP and and I can wirelessly connect to my Head office via wireless.

Now I want to secure things down more if possible. Can PEAP be used by this 877w (or a 1800 series) router to a Windows IAS RADIUS server which is in the head office?

That way I can manage access via Active Directory for these small remote offices. I guess though it's not good for this authentication to travel over the VPN?

I read a few old articles that LEAP can only be done, if PEAP can be done though my next question would be how?

I see that the RADIUS Host would need to be added like:

radius-server host 1.2.3.4 auth-port 1812 key rad1

Although I see IAS authenticates on ports 1812,1645 and accounting on 1813,1646.

Attached is my current config.

ebreniz · ‎01-03-2008

Only peap can be done as 1800 series will not support peap.for autentcaition you can use leap.

whiteford · ‎01-03-2008

Are you saying peap can or cannot be on the 1800 or 877 series? Only leap?

chschroe · ‎01-05-2008

Yes, they support a broad variety of 802.1x EAP types, including PEAP.

NS

whiteford · ‎01-06-2008

Thanks NS, I'm trying to configure my 877w to authenticate its users via a windows IAS radius server, would you have an example on how I can do this? I understand the windows side and that is ready its just the cli config part?

chschroe · ‎01-07-2008

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801bd035.shtml

Just look at the IOS config pieces, ignore the web configs.

NS