Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
537
Views
0
Helpful
5
Replies

Authenticating laptops on WLAN

alex.alexander
Level 1
Level 1

‎02-22-2005 12:15 AM - edited ‎07-04-2021 10:28 AM

Hello,

I would like to know if it is possible to configure a WLAN to authenticate laptops using the computer ID that can be found in the active directory. The authentication is done with the help of an ACS 3.3 and Actice Directory.

Thanks in advance for your help.

Alex

Labels:
0 Helpful
5 Replies 5

gwcrook
Level 1
Level 1

‎02-23-2005 07:55 AM

YES.

We use PEAP and the XP wireless supplicant and by selecting the check box "Authenticate as computer when computer information is available" in "Network Connections -> "Wireless Network Connection" -> "Wireless Networks" -> name of SSID -> "Properties" -> "Authentication".

The laptop must have been connected to the network via a wired connection, so it can be joined to the domain, before this will work.

Leave the box unchecked and set up PEAP authentication and get it working for user validation then check the machine authentication box.

Good Luck -- Gerry

0 Helpful

edanso
Level 1
Level 1
In response to gwcrook

‎02-23-2005 10:02 AM

Has anyone set up Peap, Leap and PSK on the same AP using multiple SSID's. I've heard that you can not do LEAP and PEAP on the same AP's.

Authentication would be completed by Cisco Secure ACS v3.3 and Cisco 1200 APs running 12.2(15)

thx

0 Helpful

mstubbers
Level 1
Level 1
In response to edanso

‎02-23-2005 01:09 PM

I have LEAP and PEAP working on the same AP v12.3(2)and ACS v3.3 combination. I plan to implement multiple vlans and SSID's soon.

0 Helpful

gdedrick
Level 1
Level 1
In response to mstubbers

‎02-23-2005 02:40 PM

A couple of notes here --- I would get off 12.3(2) and move to 12.3(2)JA2. Memory leaks abound in your version, also DHCP renew issues.

I have WEP and EAP-FAST running on APs with ACS v3.2 and WDS. I understand LEAP and EAP-FAST (CCKM/WPA) are not compatible on same AP, unless you run on separate VLANs/SSIDs.

0 Helpful

d.beaver
Level 1
Level 1
In response to gdedrick

‎02-23-2005 04:34 PM

Agreed G Dedrick. I have had better luck with 12.2(15)XR2 than I have with 12.3(2)JA2 concerning authentication, specifically PEAP with Compaq IPAQ devices.

We have done several installations using multiple authentication methods and a single encrytion method per VLAN. I know you can do a variety of authentication methods on a single VLAN, but I think you can do only one encryption method per VLAN, correct me if i'm wrong.

We are currently working with a hospital that has 3 VLANS, one for Clinicians, one for Guests, and one for Legacy devices, specifically devices that don't support LEAP or PEAP.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card