PEAP.

ssumrein · ‎05-23-2005

Hi there.

I have setup EAP type authentication using MS-PEAP V2, everything works fine. The issue is when using PEAP, users must authenticate before network connection is established. However, this introduces another issue, I cannot for example, push a virus while the machine is logged out. I don't want to use LEAP. I need to use a strong a safe method while allowing me pushing updates when machines are logged out. Ant assistance is highly appreciated.

Thanks.

ebreniz · ‎05-31-2005

How about delpoying a STRUCTURED WIRELESS-AWARE NETWORK (SWAN)

http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd800fad5c.html

andri · ‎05-31-2005

Hi,

You could always configure IAS to allow computer authentication, based on if the computers are in the domain or not.

That way, the computers would be authenticated to the access point before user authentication would take place.

I would think that having user authentication combined with computer authentication configured in IAS would be best option to allow access to the wireless domain.

Regards

Andri

armin.kraus · ‎06-03-2005

Hi Andri,

what are the prerequisites for this solution. Is it necessary to install a ca ??

I have to configure a this scenario with AP 1232. For RADIUS there is an IAS or CSACS Server installed. I don´t know if i have to install a CA for machine authentication. Our users have to authenticate with the AD.

Thanks for support,

Kind regards

Armin

andri · ‎06-03-2005

Yes, the ACS or IAS would have to have a server certificate, either install your own CA or buy a certificate from a CA vendor. Then you would have to decide if client authentication would be MSCHAP or certificates.

The newer versions of ACS can generate a self signed certificate also.

Regards

Andri