Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2038
Views
0
Helpful
0
Comments

Enable host-based Extensible Authentication Protocol (EAP)

TCC_2
Level 10
Level 10

‎06-22-2009 06:14 PM - edited ‎11-18-2020 02:46 AM

 

Introduction

How to configure host-based Enable host-based Extensible Authentication Protocol (EAP)?

Core Issue

Enabling host based EAP.

Enabling Host-Based EAP

Before you can enable host-based EAP authentication, your network devices must meet the following requirements:

  • Client adapters must support WEP and use the firmware, drivers, utilities, and security modules included in the Install Wizard file.
  • Access points to which your client adapter may attempt to authenticate must use the following software versions or greater: firmware version 12.00T (340, 350, and 1200 series access points) or IOS release 12.2(4)JA (1100 series access points).
  • The Microsoft 802.1X supplicant must be installed on your Windows device.
  • All necessary infrastructure devices (for example, access points, servers, gateways, user databases, etc.) must be properly configured for the authentication type you plan to enable on the client.

Follow the steps below to enable host-based EAP authentication (EAP-TLS, PEAP, or EAP-SIM) for this profile.

Note

Because EAP-TLS, PEAP, and EAP-SIM authentication are enabled in the operating system and not in ACU, you cannot switch between these authentication types simply by switching profiles in ACU. You can create a profile in ACU that uses host-based EAP, but you must enable the specific authentication type in Windows (provided Windows uses the Microsoft 802.1X supplicant). In addition, Windows can be set for only one authentication type at a time; therefore, if you have more than one profile in ACU that uses host-based EAP and you want to use another authentication type, you must change authentication types in Windows after switching profiles in ACU.

  1. Step 1 Select Host Based EAP from the Network Security Type drop-down box on the Network Security screen.
  2. Step 2 Select Use Dynamic WEP Keys under WEP.
  3. Step 3 Click OK to return to the Profile Manager screen.
  4. Step 4 Click OK or Apply on the Profile Manager screen to save your changes.
  5. Step 5 Perform one of the following, depending on your computer's operating system:

•If your computer is running Windows 98, 98 SE, NT, or Me, run the Microsoft 802.1X Authentication Client application. Then go to Step 7http://www.cisco.com/en/US/docs/wireless/wlan_adapter/350_cb20a/user/windows/1.1/configuration/guide/win5_ch6.html#wp1174019.

•If your computer is running Windows 2000, double-click My Computer, Control Panel, and Network and Dial-up Connections. Right-click Local Area Connection. Click Properties. The Local Area Connection Properties screen appears.

•If your computer is running Windows XP, double-click My Computer, Control Panel, and Network Connections. Right-click Wireless Network Connection. Click Properties. The Wireless Network Connection Properties screen appears.

Note

These instructions assume you are using Windows XP's classic view rather than its category view.

Step 6 Click the Authentication tab. The following screen appears (see Figure 5-7).

Note

In Service Pack 1 for Windows XP, the Authentication tab has moved from its previous location. To access it, click the Wireless Networks tab, select the network that you are configuring in the Preferred network list, and click Properties.

Figure 5-7     Wireless Network Connection Properties Screen (Authentication Tab) - Windows 2000 and XP Only

Step 7 Check the Enable network access control using IEEE 802.1X check box.

Step 8 Perform one of the following, depending on the authentication type you want to use:

enable host-based Extensible Authentication Protocol (EAP) on your adapter.

Setting Up EAP Authentication

During EAP authentication, the access point relays authentication messages between the RADIUS server on your network and the authenticating client device. This section provides instructions for:

Host-based EAP authentication is supported only on client adapters that support Wired Equivalent Privacy (WEP) and use PCM/LMC/PCI card firmware version 4.13 or greater (or mini Peripheral Component Interconnect [PCI] card firmware version 5.0 or greater).  In order to use EAP-TLS or EAP-MD5 authentication, your client adapter and access point must use 802.1X draft standard 10 firmware, and your operating system must have built-in support for host-based EAP (such as Windows XP). Download the  Extensible Authentication Protocol Transport Layer Security Deployment Guide for Wireless LAN Networks for information on WLAN deployments of EAPS-TL5.

set up EAP authentication on the access point running VxWorks or set up EAP authentication on the access point running IOS

Problem Type

Configure / Configuration issues

Products

Access point

WLAN adapters (wireless card) / ACU (Aironet Client Utility)

Security Options

EAP

Client OS Type

Windows

Additional Information

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents