Re: RADIUS+SECUREID

luponec · ‎02-19-2002

I'm testing Aironet 350 AP for an italian company.

In particular I'm checking the wireless NICs authentication with the AP using a radius server.

In the first step we created a user database with username/password resident on the radius server (Cisco Secure 3.0). NO PROBLEM, it works.

BUT.... For security policy, we would like to treat wireless connections such as a RAS connection with strong authentication, so we tried to use the Radius database for the user-id and an ACE server to verify the password-code given by a secure-id token card by RSA.

IT DOES NOT WORK.

The same configuration is currently in use (and it works!!) for remote dial-up connections to our network.

I'm asking myself if anybody encountered the same trouble and if he found a solution or a workaround about.

Sorry for my worst english, please contact me for more details

Anyway TANX in advance.

alan.holt · ‎02-22-2002

The reason it isn't working is because the AP only supports MSCHAP. (i.e. CiscoSecure 3.0 or 2.6 databases, NT domain controllers, etc.)

NOTE (from help on my ASC 2.6 server):

RADIUS (Cisco Aironet). Select the RADIUS (Cisco Aironet) option when using a Cisco Aironet Access Point as a NAS. This option enables you to make use of the Cisco Aironet RADIUS VSA.

Note: Users accessing the network through a Cisco Aironet network device can only be authenticated against the CiscoSecure user database, a Windows NT/2000 user database, an ODBC user database, or an MCIS database.