02-20-2002 06:29 AM - edited 07-04-2021 10:59 PM
I'm testing an Aironet 350 AP for an Italian company.
In particular I'm checking the wireless NICs' authentication with the AP using a RADIUS server.
In the first step we created a user database with username/password resident on the RADIUS server (Cisco Secure 3.0). NO PROBLEM, it works.
BUT.... For security policy, we would like to treat wireless connections like a RAS connection with strong authentication, so we tried to use the RADIUS database for the user ID and an ACE server to verify the passcode given by a SecurID token card by RSA.
IT DOES NOT WORK.
The same configuration is currently in use (and it works!!) for remote dial-up connections to our network.
I'm wondering whether anybody has encountered the same trouble and found a solution or a workaround.
Sorry for my poor English; please contact me for more details.
Anyway, thanks in advance.
02-22-2002 03:52 PM
The reason it isn't working is because the AP only supports MSCHAP. (i.e. CiscoSecure 3.0 or 2.6 databases, NT domain controllers, etc.)
NOTE (from help on my ASC 2.6 server):
RADIUS (Cisco Aironet). Select the RADIUS (Cisco Aironet) option when using a Cisco Aironet Access Point as a NAS. This option enables you to make use of the Cisco Aironet RADIUS VSA.
Note: Users accessing the network through a Cisco Aironet network device can only be authenticated against the CiscoSecure user database, a Windows NT/2000 user database, an ODBC user database, or an MCIS database.
03-01-2002 12:38 AM
I verified that at this moment it is not possible to use an OTP (One Time Password) with the LEAP protocol, because this kind of authentication uses a one-way process while the link between the AP and the NICs is of the two-way kind: the client is authenticated by the AP --> and vice versa <--.
So it is not a Cisco Secure bug, but rather a security policy for wireless to block a "stranger" AP.
I contacted RSA (the SecurID manufacturer) and Cisco Italia; both told me they are going to develop a new protocol (PEAP) to solve the problem.