02-22-2005 12:15 AM - edited 07-04-2021 10:28 AM
Hello,
I would like to know if it is possible to configure a WLAN to authenticate laptops using the computer ID that can be found in the active directory. The authentication is done with the help of an ACS 3.3 and Actice Directory.
Thanks in advance for your help.
Alex
02-23-2005 07:55 AM
YES.
We use PEAP and the XP wireless supplicant and by selecting the check box "Authenticate as computer when computer information is available" in "Network Connections -> "Wireless Network Connection" -> "Wireless Networks" -> name of SSID -> "Properties" -> "Authentication".
The laptop must have been connected to the network via a wired connection, so it can be joined to the domain, before this will work.
Leave the box unchecked and set up PEAP authentication and get it working for user validation then check the machine authentication box.
Good Luck -- Gerry
02-23-2005 10:02 AM
Has anyone set up Peap, Leap and PSK on the same AP using multiple SSID's. I've heard that you can not do LEAP and PEAP on the same AP's.
Authentication would be completed by Cisco Secure ACS v3.3 and Cisco 1200 APs running 12.2(15)
thx
02-23-2005 01:09 PM
I have LEAP and PEAP working on the same AP v12.3(2)and ACS v3.3 combination. I plan to implement multiple vlans and SSID's soon.
02-23-2005 02:40 PM
A couple of notes here --- I would get off 12.3(2) and move to 12.3(2)JA2. Memory leaks abound in your version, also DHCP renew issues.
I have WEP and EAP-FAST running on APs with ACS v3.2 and WDS. I understand LEAP and EAP-FAST (CCKM/WPA) are not compatible on same AP, unless you run on separate VLANs/SSIDs.
02-23-2005 04:34 PM
Agreed G Dedrick. I have had better luck with 12.2(15)XR2 than I have with 12.3(2)JA2 concerning authentication, specifically PEAP with Compaq IPAQ devices.
We have done several installations using multiple authentication methods and a single encrytion method per VLAN. I know you can do a variety of authentication methods on a single VLAN, but I think you can do only one encryption method per VLAN, correct me if i'm wrong.
We are currently working with a hospital that has 3 VLANS, one for Clinicians, one for Guests, and one for Legacy devices, specifically devices that don't support LEAP or PEAP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide