Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1823
Views
7
Helpful
5
Replies

Intel PROSet not working with PEAP

csilvagni
Level 1
Level 1

‎08-03-2005 11:35 PM - edited ‎07-04-2021 11:00 AM

Hi,

my wireless infrastructure is currently still based on LEAP and WEP, therefore I am in the process of migrating towards PEAP and WPA.

During the testing in the lab I have encountered some problems with the client side when i use the Intel Centrino PROSet utility.

This is my setup:

Cisco 350 & 1231G AP with IOS version c350-k9w7-mx.122-15.JA and c1200-k9w7-mx.122-15.JA

Cisco ACS server 3.3(1) Build 16

Dell D600 with Intel Centrino 2200BG and PROSet version 9.0.2

Windows XP laptop running SP1

Windows XP laptop running SP2

I have generated a Self-Signed certificate on the ACS and imported the CA on my XP laptop so that it appears amongst the other CAs and configured the ACS to support MS-CHAP-V2 and GTC PEAP.

If I configure the wireless adapter via the XP client I have no problems with PEAP MS-CHAP-V2 with SP1 (some problems with stability with SP2) but when I create a profile using PEAP I associate to the AP but get the following error message on the ACS: EAP-TLS or PEAP authentication failed during SSL handshake.

When I use the XP client i am able to authenticate therefore I think it is safe to say that the certificate created by the ACS is working.

I have tried to search on the Net any issues related to PEAP with the Intel PROSet but i have had no luck. Do you have any tips on how to get it working?

Thank you

Ciao

Cristiano

Labels:
0 Helpful
5 Replies 5

jcornford
Level 1
Level 1

‎08-04-2005 02:56 AM

What a coincidence! I have recently been testing exactly the same thing, and I think I’m getting the same (if not a very similar) issue to you! As it happens, I’ve just logged a TAC case to try and work out what’s going on. In summary the issue is that Intel ProSet adapters (in my case I’ve tried 2100 and 2200) running the latest Intel utilities for both, don’t seem to like establishing the tunnel when running PEAP (in my case without machine auth). They will run under the ProSet utility using EAP-FAST or LEAP (which don’t look at the cert). I know this isn’t Cisco’s problem (being an Intel card), but I did ask Intel about this and they were a bit useless. I advised that I remembered there is a way under ACS to run a fairly big debug that tells you what phase of the tunnel establishment is failing, but I can’t remember exactly how you run it up! I’ve logged the TAC case to find out how you run the debug. I’ll let you know if I get any constructive feedback. In my case, it would be nice to get the Intel software working as it does interrupt the XP ginas quite well (or at least seems to from what I could test), which means you can run without machine auth and get all domain logging on stuff working 100% (i.e. things such as domain driven password changes will still work as will first time machine logins (no cached profiles)).

IF ANYBODY ELSE HAS GOT THESE INTEL CARDS RUNNING PEAP TO ACS 3.3 SUCCESFULLY, AND TIPS WOULD BE GRATEFULLY RECEIVED!

paul.watkins
Level 1
Level 1
In response to jcornford

‎08-04-2005 03:22 AM

We have the Intel Proset working with Cisco ACS v3.3.3 and PEAP. I had to use the Intel Proset Utility, it wouldn't work with the XP Zero Wireless Configuration. I am using v9.0.2.0 of the Proset utility on Windows XP sp2. I guess for us the key was to use the utility and not the XP configuration.

Let me know if you need more details and I can post my config.

csilvagni
Level 1
Level 1
In response to paul.watkins

‎08-04-2005 04:07 AM

Hi,as I mentioned in opening this issue, I also use the Intel PROSet utility tool, but without success, meanwhile when I enable XP Zero Wireless Config it works!! Have you generated the certificate via the tool on the ACS or have you purchased it via a CA authority?

It would be great if you could post your configs so that I can compare them with my setup.

What IOS are you running?

Thanks

Cristiano

0 Helpful

jcornford
Level 1
Level 1
In response to csilvagni

‎09-30-2005 02:58 AM

Hi,

It's a long time since I last posted on this but I've had a lot on, but I got around to some more testing. With the Pro-Set software, I finally got it working, and doing two main things made a difference. For some reason (can't imagine why), it didn't like my Cisco CB21AG adapter being inserted at the same time. In addition, after creating the profiles, it seems to work better after rebooting. I'd suggest anyone having difficulties look for any apps running on the same machine that might interfere. I've attached the profile for the adapter that worked for me.

HOWEVER, and here is the BIG HOWEVER. The intel software's main drawback seems to be that it needs to use a static username and password for most EAP types. This means that if you ever force your users to change there passwords, you can't do it dynamically on the Pro-Set software (not that I can find), and that sucks. Therefore I have ditched the Intel software entirely in favour of other options!

35254-lab1test.p50
0 Helpful

rhobab
Level 1
Level 1
In response to jcornford

‎08-19-2005 05:32 AM

Normally when I have problems with cards I remove all the utilities a nd use only the Windows driver and that seems to work fine. The Windows dirver must belong to the Windows compatibility list. Some time ago I had some trouble with the 2200BG which I solved removing the Intel utility.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card