11-03-2003 07:40 AM - edited 07-04-2021 09:07 AM
Does anyone have or know of an all-in-one guide to getting secure 802.1x wireless working with non-cisco cards please?
I have been struggling for weeks attempting to get this working with a Compaq TC1000 tablet PC with built in Compac Mini-WIFI card and an Aironet 1100. We also have ACS 3.2 running for our RADIUS box.
I have followed a few guides on Cisco which individually show how to configure EAP on the client or EAP on the AP.
At present I am trying EAP-TLS. The client has a personal certificate obtained from our local CA via the web interface. I am also using windows to configure the wireless on the client.
Open + EAP is selected on the AP, but it just doesn't want to work. The client see's the network, associates but fails to authenticate and thus remains with a 0.0.0.0 ip address. I see no failed attempts on ACS either.
Please can anyone help.
11-06-2003 05:38 AM
Obvious I've the same problem: I want to authenticate a wireless xp-client (XP Pro Ver.2002 SP1) through an AP1200 (12.03T ) via eap-tls on an acs server (ver. 3.1).I hoped to find an answer here - but it's also good to know that others also are struggling...
In the "EAP-TLS Deployment Guide for Wireless LAN Networks" (networking_solutions_white_paper09186a008009256b.shtml) it looks pretty easy but the client had no access although the AP logging shows that it's associated and authenticated.
Does anybody has ever setup this scenario?
Thanx for any help
11-11-2003 07:02 PM
What do the EAP diags/debugs on the AP show ??
12-09-2003 07:32 AM
12.03T does not support WPA on the access point.
First get the latest IOS conversion image for your 1200 Series, (the latest IOS available after the conversion is 12.2(13)JA1)
Your AP 1200 with 12.03T cannot recognized the WPA flags in the EAP packets.
Dave S.
12-08-2003 09:26 AM
Jason
We have have the same problem here at North Staffs Hospital which we have not resolved yet.We are using external cisco wireless cards to overcome the problem in the short term.
Have you managed to make any progress since 3rd November?
my email address at the trust is
12-18-2003 09:08 AM
I have successfully deloyed wireless Compaq TC1000 tablets using the built in NIC. The tablets are runnning Windows XP and I use the built in Microsoft supplicant for wireless configuration. I am using PEAP for Authentication. My wireless infrastructure consists of AP1200's (IOS), radius authentication to an ACS v3.2. My only struggle was getting the certificate services configured correctly, then everything worked great. We have deployed about 175 tablets in a clinical setting and all is going well. However, I am not to convinced yet if the built in card is that great. We have done some comparison testing with a tablet using the built in wireless nic vs. a tablet using a cisco card and the cisco performed much better in regards to consistent signal strength and signal quality.
12-30-2003 08:59 AM
I have been testing PEAP for like 2 months now. I have tested with Cisco cards and with built-in Centrino technology using the intel card. I get it working fine. Reliabliity and stability is the problem. The EAP security does nto seem to be mature enough to deploy when wireless needs to be up 100%. Especially when going across subnets and T1 connections. Ciscos built-in time outs for EAP have been increased with the latest code however, the 30 second time out is still not efficient (40 second EAP time out seems to be better).
In summary I have pulled the plug on EAP until it matures a bit more.
My desired result is full reliability, host and client authentication, no third party client, and work across subnets with zero problems. If anyone has questions or ideas for me please share!
PK
01-21-2004 05:07 AM
Hi there,
We are trying to deploy a very similar setup. I was wondering what access points you used and what version of code. We currently use Aironet 1100's with IOS v12.13
Thanks,
Julian
01-22-2004 03:57 AM
Hi Jason,
i found when using EAP-TLS in the scenario you have mentioned the only way i could get it to work was by turning Network EAP on (in Access Point settings) as well as require EAP and Open. I also found that i needed WIN XP service pack 1a before i could get everything to work. I know in theory you shouldn't need to turn Network EAP on but it was the only way icould get it to work.
01-26-2004 06:24 AM
Well, finally managed to get PEAP working - however I had to give up on Cisco access points, cards and ACS.
We had to go for another vendors wireless APs and use Windows 2000 IAS for radius. Using documentation on Microsoft's site things were configured within short time and things appear to be working well.
I've got some more testing to do re sesssion timeouts, reauthentication and machine authentication but at least I'm now getting somewhere.
We stuck at the Cisco kit for months, including having a couple days consultancy with our Cisco partner but to no avail. I'm sure this stuff does work, but unfortunately there isn't any concise set of documents provided here to fully understand the process and implement it.
Cisco need to take notice of all the problems being experienced here and redesign their approach to wireless.
Best Regards,
02-04-2004 01:13 PM
Not sure if you have resolved this issue, but we have a total of 6 Compaq TC1000 Tablets currently using our Cisco based wireless network. Compaq's website has a free Odyssey client specifically for the Tablets that allows them to connect to Cisco WAPs (we are also using Aironet 1100's). One caveat to note: we are using LEAP not EAP-TLS. We are also using Cisco ACS for our RADIUS server...works great.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide