
PEAP+Radius

J_Vansen_S
Level 7

This is my network setup

cisco ACS4.0(radius)

aironet 1100

3rd party client adapter using winXp

My objective is to authenticate my users (created on the ACS) via the Radius server. I'm not quite sure how EAP-MSCHAPv2 and EAP-GTC work. From my understanding MSCHAP authenticates via the Windows username and password. So which is my best option?


Scott Fella
Hall of Fame

You can go either way, the only thing is that if you want to go with Cisco PEAP (EAP-GTC) you will have to install Cisco PEAP on all wireless stations. It might be easier to just stick with EAP-MSCHAPv2. You should be able to authenticate users locally on the ACS.

-Scott
*** Please rate helpful posts ***

You mentioned "install Cisco PEAP on all wireless stations". That means I would need Cisco client adapters on my wireless stations. Is that correct? Anyway, thanks for your reply 🙂

There is a small executable that you must run on wireless client devices (that are supported) if you want to run Cisco PEAP. You can probably find it somewhere on Cisco's web site.

-Scott
*** Please rate helpful posts ***

pnschurr
Level 2

If you're going to use PEAP (or even say it!) then you're stuck with CHAP.

PEAP stacks a bunch of stuff onto other stuff... between client and Radius server (via AP) you get a protocol stack that looks like this...

EAPOL

EAP

Radius server asks for PEAP (Server side cert TLS)

CHAP inside TLS.

If XP is booted and user not logged on, then machine ID is exchanged in CHAP.

When user logs onto XP client, user credentials are exchanged in CHAP.

When CHAP is successful, Radius server provides encryption keys to both client and AP.

peter
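
The layering discussed in this thread, as an added example that is not part of the original posts: a small decoder for the EAPOL and EAP headers showing that only the outer method (PEAP, type 25) is visible on the wire, while the inner EAP-MSCHAPv2 or EAP-GTC exchange travels inside the TLS tunnel. The function names and the two sample frames are constructed for illustration; the type numbers are the IANA EAP registry values.

```python
import struct

# EAP codes and method type numbers (IANA EAP registry values).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 6: "GTC", 13: "EAP-TLS", 25: "PEAP", 26: "MS-CHAP-V2"}

def parse_eap(pkt: bytes) -> dict:
    """Decode the header of one EAP packet: code, id, length, then method type."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field does not match packet")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "method": None}
    if code in (1, 2):  # only Request/Response carry a type byte
        if length < 5:
            raise ValueError("Request/Response without a type byte")
        out["method"] = EAP_TYPES.get(pkt[4], pkt[4])
        if pkt[4] == 25 and length >= 6:  # PEAP: a flags byte follows the type
            flags = pkt[5]
            out["peap"] = {"start": bool(flags & 0x20),
                           "more_fragments": bool(flags & 0x40),
                           "version": flags & 0x03}  # low bits: PEAP version
    return out

def parse_eapol(frame: bytes) -> dict:
    """Decode an EAPOL frame (the bytes after the Ethernet header)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body shorter than its length field")
    # EAPOL type 0 is EAP-Packet; Start, Logoff and Key frames carry no EAP.
    return {"eapol_version": version,
            "eap": parse_eap(body) if ptype == 0 else None}

def inner_method_exposed(eap: dict) -> bool:
    """True when a credential method appears as the outer EAP type,
    i.e. it is not being carried inside the PEAP TLS tunnel."""
    return eap is not None and eap["method"] in ("GTC", "MS-CHAP-V2")

# Constructed sample frames (not captured traffic).
PEAP_START = bytes.fromhex("01000006" "010200061920")   # Request, PEAP, S bit set
BARE_MSCHAP = bytes.fromhex("01000006" "020300061a02")  # Response, outer type 26

if __name__ == "__main__":
    for frame in (PEAP_START, BARE_MSCHAP):
        eap = parse_eapol(frame)["eap"]
        print(eap, "exposed:", inner_method_exposed(eap))
```

On a correctly configured PEAP deployment, `inner_method_exposed` stays false for every frame between client and AP; a true result means the supplicant is negotiating the credential method outside the tunnel.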
