10-15-2014 09:01 AM - edited 07-05-2021 01:44 AM
Hi Everyone,
I pretty much got EAP working, however using LEAP
When I get to EAP-FAST and PEAP, I just can't seem to get it to work
What am I missing? I do know that EAP-FAST and PEAP involve certificates. However, how do I set them up on the client side?
Hope you guys can help me on this, stuck on this part xD
10-15-2014 11:44 AM
Typically no client-side certs are involved in PEAP (that's why it is the most popular EAP method used in enterprise environments). For EAP-FAST there is no certificate involvement at all.
As long as you installed the certs on your RADIUS you should be able to do the PEAP. Here is a reference post for these using ACS 5.2
http://mrncciew.com/2013/03/03/peap-eap-fast-with-acs-5-2/
HTH
Rasika
**** Pls rate all useful responses ****
10-15-2014 12:09 PM
EAP is a complicated subject for sure. But it shouldn't be really once you know the foundation.
EAP-PEAP can use server side and client side and EAP-FAST can as well. It all depends how it's deployed.
Generally speaking, most deployments of PEAP use server side only and EAP-FAST uses PACs only.
The cert that you install on the RADIUS server for PEAP is passed to the wireless supplicant and is used by the supplicant to hash the logon and password from the user. This hash is passed back to the RADIUS server, which has the private key, can decode the hash, and passes the user ID and password back to AD, for example.
Hope this helps ..
10-15-2014 12:09 PM
George is the wirelessguru & master of EAP.
10-15-2014 08:05 PM
LOL .. you've made me smile .. BTW your blog is awesome!
10-15-2014 05:51 PM
Thanks George,
So basically I need to have an ACS server? Because currently I do not have one
Anyway, is it possible to NOT use ACS? Basically EAP-FAST and PEAP only use the WLC and no other devices
With regards to the authentication, I know local (duh haha) and as well AD (LDAP) is supported, so yeah.
10-15-2014 07:32 PM
If you have a small deployment the WLC can also act as a local RADIUS server, so yes. Or you can use other RADIUS solutions like FreeRADIUS, ACS, etc. Check out this video by Richard: http://www.youtube.com/watch?v=YIxG4OEfwtY
10-15-2014 08:08 PM
...
10-15-2014 08:19 PM
First I would make sure PEAP or FAST is configured correctly. When testing, pay close attention to the logs on the WLC or do the necessary debugs to troubleshoot.
Good read on local EAP:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0110010.html
To configure your client, I will assume it is Windows 7 or newer?
https://supportforums.cisco.com/document/68096/peap-authentication-configuration-example-windows-7
10-15-2014 08:19 PM
Thanks George,
Looking at your link, I think I know what my mistake is.
I'll try this solution! haha :D
Thanks again! :))
10-15-2014 07:58 PM
Hi George,
Thank you for your reply,
Basically, I have already tried EAP using LEAP, set up the connecting client (laptop) and poof! I was able to connect.
However, when I switched to EAP-FAST or PEAP, I cannot connect anymore.
What steps do I need to do on the connecting client in order for it to work? It is more likely that I missed a step on the client setup side.