How to configure host-based Enable host-based Extensible Authentication Protocol (EAP)?
Enabling host based EAP.
Enabling Host-Based EAP
Before you can enable host-based EAP authentication, your network devices must meet the following requirements:
Client adapters must support WEP and use the firmware, drivers, utilities, and security modules included in the Install Wizard file.
Access points to which your client adapter may attempt to authenticate must use the following software versions or greater: firmware version 12.00T (340, 350, and 1200 series access points) or IOS release 12.2(4)JA (1100 series access points).
The Microsoft 802.1X supplicant must be installed on your Windows device.
All necessary infrastructure devices (for example, access points, servers, gateways, user databases, etc.) must be properly configured for the authentication type you plan to enable on the client.
Follow the steps below to enable host-based EAP authentication (EAP-TLS, PEAP, or EAP-SIM) for this profile.
Because EAP-TLS, PEAP, and EAP-SIM authentication are enabled in the operating system and not in ACU, you cannot switch between these authentication types simply by switching profiles in ACU. You can create a profile in ACU that uses host-based EAP, but you must enable the specific authentication type in Windows (provided Windows uses the Microsoft 802.1X supplicant). In addition, Windows can be set for only one authentication type at a time; therefore, if you have more than one profile in ACU that uses host-based EAP and you want to use another authentication type, you must change authentication types in Windows after switching profiles in ACU.
Step 1 Select Host Based EAP from the Network Security Type drop-down box on the Network Security screen.
Step 2 Select Use Dynamic WEP Keys under WEP.
Step 3 Click OK to return to the Profile Manager screen.
Step 4 Click OK or Apply on the Profile Manager screen to save your changes.
Step 5 Perform one of the following, depending on your computer's operating system:
•If your computer is running Windows 2000, double-click My Computer, Control Panel, and Network and Dial-up Connections. Right-click Local Area Connection. Click Properties. The Local Area Connection Properties screen appears.
•If your computer is running Windows XP, double-click My Computer, Control Panel, and Network Connections. Right-click Wireless Network Connection. Click Properties. The Wireless Network Connection Properties screen appears.
These instructions assume you are using Windows XP's classic view rather than its category view.
Step 6 Click the Authentication tab. The following screen appears (see Figure 5-7).
In Service Pack 1 for Windows XP, the Authentication tab has moved from its previous location. To access it, click the Wireless Networks tab, select the network that you are configuring in the Preferred network list, and click Properties.
Figure 5-7 Wireless Network Connection Properties Screen (Authentication Tab) - Windows 2000 and XP Only
Step 7 Check the Enable network access control using IEEE 802.1X check box.
Step 8 Perform one of the following, depending on the authentication type you want to use:
Host-based EAP authentication is supported only on client adapters that support Wired Equivalent Privacy (WEP) and use PCM/LMC/PCI card firmware version 4.13 or greater (or mini Peripheral Component Interconnect [PCI] card firmware version 5.0 or greater). In order to use EAP-TLS or EAP-MD5 authentication, your client adapter and access point must use 802.1X draft standard 10 firmware, and your operating system must have built-in support for host-based EAP (such as Windows XP). Download the Extensible Authentication Protocol Transport Layer Security Deployment Guide for Wireless LAN Networks for information on WLAN deployments of EAPS-TL5.
I'm trying to track down a problem with an 8821 phone, and getting stuck trying to capture packets on the controller. (WLC5520,software version 126.96.36.199). Lightly-edited logs below: (Cisco Controller) >debug ap packet-dump enable
On the old Aeronet WLC you could limit the SSID a guest could use when creating the guest account. I don't see the ability to do that now on the C9800. How can I limit which SSID a guest account can use on the new C9800 WLC platform? Tha...
Hi, Should I expect any incompatibility issues between these you software versions running at the anchor and foreign controllers? According to other posts in this forum, the anchor and foreign can run different software versions, but is this true whe...
Hi. i am ordering a 2802 access point. This AP will not connect to the POE switch. Can you help me with the part code for the external power source ? I am ordering the below in Cisco portal. Can you help with the power source AIR-AP2802I-E-K9AI...