
Secure wireless and generic ldap

craig.eyre
Level 1

Hi All,

I'm looking into setting up a secure wireless network and can't seem to find a good fit with the environment we have.

Environment:

WLCs

ACS 4.1

Generic LDAP

95% of laptops use the built-in Windows XP (SP3) configuration tool.

I can get everything working fine with Dell Wireless Utility or Intel utility in XP, Vista built-in or 3rd-party client, but I CAN'T seem to get the Windows XP built-in client to work with anything.

I read the EAP Authentication Protocol and User Database Compatibility document and found out that I can use EAP-GTC, EAP-FAST phase 2 and EAP-TLS.

I'm looking into the most seamless way for our users to connect and taking "20 minutes" to configure their network card isn't a really good option.

Any ideas or suggestions (something I'm missing) would be greatly appreciated.

Craig

2 Replies

CFayNTAdmin83
Level 1

Hi. I am currently running a whole mix of clients with regards to WPA security. I have most of the laptops on their respective CCX supplicant / utility. However, I do have users that run the WZC service from XP. I am not at SP3, but rather SP2 for most of the machines. I'm using PEAP (MSCHAPv2) and it works well in the SP2 environment. I did notice some issues running WZC on Vista with the new Intel N cards and early release drivers, but I didn't get a chance to try the updated versions to see if it would solve the problem. I'm running the Funk OAS RADIUS server and the Microsoft IAS service. The problem with XP and WZC is the lack of EAP types supported. I lucked out because PEAP MSCHAPv2 is natively supported. I'm 99.9 percent positive that WZC under XP does not support LEAP and EAP-FAST since they are Cisco. So, unfortunately, in order to get those clients going with WPA Enterprise security you're going to have to install the client card utility or have them run a different EAP type config.

Thanks for your reply,

I assume that you're running Active Directory? MSCHAPv2 isn't supported by OpenLDAP so I'm stuck on that part. Thanks for the info which will help me in my testing.

Craig
