cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
584
Views
0
Helpful
5
Replies

Authenticating laptops on WLAN

alex.alexander
Level 1
Level 1

Hello,

I would like to know if it is possible to configure a WLAN to authenticate laptops using the computer ID that can be found in the active directory. The authentication is done with the help of an ACS 3.3 and Actice Directory.

Thanks in advance for your help.

Alex

5 Replies 5

gwcrook
Level 1
Level 1

YES.

We use PEAP and the XP wireless supplicant and by selecting the check box "Authenticate as computer when computer information is available" in "Network Connections -> "Wireless Network Connection" -> "Wireless Networks" -> name of SSID -> "Properties" -> "Authentication".

The laptop must have been connected to the network via a wired connection, so it can be joined to the domain, before this will work.

Leave the box unchecked and set up PEAP authentication and get it working for user validation then check the machine authentication box.

Good Luck -- Gerry

Has anyone set up Peap, Leap and PSK on the same AP using multiple SSID's. I've heard that you can not do LEAP and PEAP on the same AP's.

Authentication would be completed by Cisco Secure ACS v3.3 and Cisco 1200 APs running 12.2(15)

thx

I have LEAP and PEAP working on the same AP v12.3(2)and ACS v3.3 combination. I plan to implement multiple vlans and SSID's soon.

A couple of notes here --- I would get off 12.3(2) and move to 12.3(2)JA2. Memory leaks abound in your version, also DHCP renew issues.

I have WEP and EAP-FAST running on APs with ACS v3.2 and WDS. I understand LEAP and EAP-FAST (CCKM/WPA) are not compatible on same AP, unless you run on separate VLANs/SSIDs.

Agreed G Dedrick. I have had better luck with 12.2(15)XR2 than I have with 12.3(2)JA2 concerning authentication, specifically PEAP with Compaq IPAQ devices.

We have done several installations using multiple authentication methods and a single encrytion method per VLAN. I know you can do a variety of authentication methods on a single VLAN, but I think you can do only one encryption method per VLAN, correct me if i'm wrong.

We are currently working with a hospital that has 3 VLANS, one for Clinicians, one for Guests, and one for Legacy devices, specifically devices that don't support LEAP or PEAP.

Review Cisco Networking for a $25 gift card