06-03-2004 11:08 PM - edited 07-04-2021 09:41 AM
Hi,
I am designing a wireless LAN for a customer. It is an end-to-end Cisco solution, with CSACS acting as the authentication server. They have a mixture of wireless clients, such as Cisco and others. For Cisco clients, they will be using the LEAP / EAP-FAST protocol. The OS on the other types of clients is XP. What EAP protocol is suitable for the clients with XP? By default, XP uses EAP-MD5, am I right? Can CSACS support EAP-MD5?
If they are looking at PEAP, what additional equipment or requirements should I propose?
Thanks.
Delon
06-04-2004 08:52 AM
XP does have support for EAP-MD5, but I'd highly recommend not using it; it's worthless as a stand-alone wireless authentication protocol and won't allow you to use rekeying.
If you want to use PEAP, XP already has full PEAP-MSCHAP support; you won't need any further 3rd party client software. ACS can authenticate back to an AD user database as well if you wish. Any additional equipment requirements would depend on what user database you want to authenticate your clients against, either an LDAP/RADIUS-specific user accounts db or an existing Active Directory user account structure.
If your XP clients are using Cisco (or CCX compatible cards) then just use Cisco's ACU on XP to do EAP-FAST as you would your other Cisco clients. If you don't have control over the client's wireless cards then you will have to consider PEAP and other methods; I don't think any 3rd party vendors (such as Funk or Meetinghouse) do EAP-FAST just yet.
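An added example, not part of the original thread: a small audit that reads captured EAP packets and flags any method that produces no session key material, which is the reason the reply above gives for EAP-MD5 not supporting rekeying. The function names and the sample packets are constructed for illustration; the type numbers come from the IANA EAP registry.

```python
import struct

# EAP method numbers from the IANA EAP registry. The flag records whether the
# method derives session keys, which per-session keying and rekeying depend on.
EAP_METHODS = {
    4: ("EAP-MD5", False),
    13: ("EAP-TLS", True),
    17: ("LEAP", True),
    18: ("EAP-SIM", True),
    25: ("PEAP", True),
    43: ("EAP-FAST", True),
}
HOUSEKEEPING = {1, 2, 3}  # Identity, Notification, Nak: not authentication methods


def eap_method(packet: bytes):
    """Return the EAP Type of a Request/Response, or None for Success/Failure."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("length field does not match the packet")
    if code in (3, 4):  # Success / Failure carry no Type field
        return None
    if code not in (1, 2) or length < 5:
        raise ValueError("not a well-formed Request/Response")
    return packet[4]


def audit(packets):
    """Return ({method name: verdict}, count of malformed packets)."""
    findings, malformed = {}, 0
    for raw in packets:
        try:
            method = eap_method(raw)
        except ValueError:
            malformed += 1
            continue
        if method is None or method in HOUSEKEEPING:
            continue
        name, keyed = EAP_METHODS.get(method, (f"type-{method}", None))
        findings[name] = {True: "ok", False: "no-key-material", None: "unknown"}[keyed]
    return findings, malformed


# Constructed sample: Identity, MD5-Challenge, PEAP start, Success, truncated header.
SAMPLE = [bytes.fromhex(h) for h in (
    "0101000501", "010200160410" + "ab" * 16, "010300061920", "03040004", "010500")]
```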
07-01-2004 09:02 PM
Hi,
With reference to your recommendation,
do I need to get a digital certificate or a CA server for PEAP to run?
I have no experience with XP. Is it tedious to set up PEAP-MSCHAP?
Thanks.
Regards,
Delon
06-26-2004 03:02 PM
I agree with verdann...
...as far as I remember on XP you have an option of using EAP-SIM, EAP-TLS with or without MSCHAPv2....
...you can use EAP-MD5, but it is not good and you have to implement a different supplicant, but it works; I have tested it, not with ACS but with some other RADIUS against a MySQL user database.
...We have had similar projects with a variety of clients with hardware from other vendors; EAP-MSCHAPv2 has turned out to be a good solution.
Hope this helps