05-23-2005 07:37 AM - edited 07-04-2021 10:47 AM
Hi there.
I have setup EAP type authentication using MS-PEAP V2, everything works fine. The issue is when using PEAP, users must authenticate before network connection is established. However, this introduces another issue, I cannot for example, push a virus while the machine is logged out. I don't want to use LEAP. I need to use a strong a safe method while allowing me pushing updates when machines are logged out. Ant assistance is highly appreciated.
Thanks.
05-31-2005 05:35 AM
How about delpoying a STRUCTURED WIRELESS-AWARE NETWORK (SWAN)
http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd800fad5c.html
05-31-2005 05:58 AM
Hi,
You could always configure IAS to allow computer authentication, based on if the computers are in the domain or not.
That way, the computers would be authenticated to the access point before user authentication would take place.
I would think that having user authentication combined with computer authentication configured in IAS would be best option to allow access to the wireless domain.
Regards
Andri
06-03-2005 12:03 AM
Hi Andri,
what are the prerequisites for this solution. Is it necessary to install a ca ??
I have to configure a this scenario with AP 1232. For RADIUS there is an IAS or CSACS Server installed. I don´t know if i have to install a CA for machine authentication. Our users have to authenticate with the AD.
Thanks for support,
Kind regards
Armin
06-03-2005 01:35 AM
Yes, the ACS or IAS would have to have a server certificate, either install your own CA or buy a certificate from a CA vendor. Then you would have to decide if client authentication would be MSCHAP or certificates.
The newer versions of ACS can generate a self signed certificate also.
Regards
Andri
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide