PEAP MSCHAP V2 using WLC and Cisco ACS configuration example

Surendra BG · ‎07-28-2011

11929421.mp4

Video Player is loading.

Current Time 0:00

Duration 0:00

Loaded: 0%

Stream Type LIVE

Remaining Time 0:00

(view in My Videos)

PEAP MSCHAP V2 using WLC and ACS configuration example

In this video we are going to configure the WLC for PEAP MSCHAPV2 Username / Password authentication using Cisco ACS and WLC.

Hope this video was helpful and please feel free to drop in a comment and I will be more than happy to assist you!

Regards

Surendra

stefan.angerer · ‎06-11-2012

I'm pretty sure it's even recommended not to install it on a DC !

But it definitely doesn't need to be there.

Good luck!

Sundeep Dsouza · ‎06-11-2012

Thanks a ton Stefan, appreciate your help.

Regards

grabonlee · ‎06-11-2012

Stefan

Auto enrollment is not only for EAP TLS. With PEAP, the clients also receive certificates and you set a group policy for clients to automatically receive a new Cert once the old one is due to expire. Also no matter which server hosts the CA, the PDC or whatever server hosts the container of machine credentials and user credentials must have a copy of the Cert to establish the trust relationship.

stefan.angerer · ‎06-12-2012

Sorry for maybe being a bit inaccurate.

PEAP itself comes in many flavors, one of them is PEAP-MSCHAPv2 - using that there is no need for client certificates. But you could also use EAP-TLS as inner authentication in a PEAP tunnel, and then of course you need client certificates as well.

Again, since this video is about PEAP-MSCHAPv2, there is no need to have a certificate for all your clients; but you should tell your clients about your root and mabye even your intermediate CA so they can trust your RADIUS server's cert.

regards

Stefan

Troubleshooting Client Connection Issue on Cisco Wireless Controllers

Cisco Wireless LAN Controller (WLC) Software Upgrade

DHCP Option 43 on Cisco IOS DHCP Server