Hey Howard,

A Cisco Secure Access Control Server (typically referred to as Cisco ACS) can be used to hand off authentication to Windows Active Directory. Second, the Cisco ACS supports all EAP methods, PEAP-MSCHAPv2 being one of them, directly on the server with no need for handoff to Windows A/D. The nice thing about the Cisco ACS is that in addition to supporting RADIUS functionality, it will also support TACACS. In other words, it can do more than just support authentication for your wireless needs.

Another option is the FreeRADIUS server, which can be found at http://freeradius.org/. FreeRADIUS is an open source RADIUS server software that supports multiple EAP methods and can also hand off authentication to Windows Active Directory.

I hope this information is helpful.
Todd Linder

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Howard Leadmon
Sent: Monday, December 07, 2009 2:13 PM
To: 'Tony Varriale'; 'cisco-nsp'
Subject: Re: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..

Sorry for following up to my own posting slowly, but have been kind of under the weather for a bit here.. :(

Anyway I was saying that WPA-PSK was working fine, but I was trying to figure out how to just use the radius server in the AP to do WPA-Enterprise using the PEAP support in Windows 7/Vista.

Someone did respond to me privately and stated that the Radius server in the AP does NOT support PEAP, only LEAP, so that could easily explain why I just can't make WPA using PEAP work. Seems I need to use the M$ radius server, or some other radius option to make it work with PEAP. I may do that, or just stick with WPA2-PSK, as that is working like a charm, and I only need to support it for about a half dozen logins..

So I guess in closing, it seems the Cisco AP wants to use LEAP/EAP-TTLS, and M$ wants to use PEAP, and they don't support each other's protocol. So I need a supplicant to add the support to windows, or I need a Radius server that will support PEAP, then AP can talk to.. So much for simple.. LOL

---
Howard Leadmon

> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Tony Varriale
> Sent: Tuesday, December 01, 2009 1:51 AM
> To: 'cisco-nsp'
> Subject: Re: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..
>
> It doesn't help me as I already know. That's why I was responding to
> the original poster.
>
> Maybe you could try that?
>
> tv
> ----- Original Message -----
> From: "Scott McGrath" <mcgr...@fas.harvard.edu>
> To: "'cisco-nsp'" <cisco-nsp@puck.nether.net>
> Sent: Monday, November 30, 2009 12:47 PM
> Subject: Re: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..
> >
> > Since there is WPA-PSK and WPA2 often known as Enterprise,
> >
> > The real difference is that WPA-PSK uses a fixed 'pre-shared' key to
> > encrypt the link between the AP and the supplicant, Enterprise assumes
> > that a RADIUS server is available to authenticate the session and set the
> > key for the session. What has not been discussed is what protocol is
> > being used for these PEAP and/or EAP-TTLS are valid choices,
> >
> > The encryption scheme is 'better' on enterprise as the key is not known
> > before session instantiation, But WPA-PSK (aka Personal) and WPA2 both
> > use the same cipher set to protect the session so the link is as secure
> > but if the key is disclosed to unauthorized users the wireless network
> > effectively has no security whereas WPA2 uses a user database and if the
> > user's credentials are disclosed the endpoint can be deauthenticated and
> > the user's credentials changed. Whereas WPA-PSK requires reconfiguration
> > of the AP(s) and supplicant reconfiguration,
> >
> > Hope this helps
> >
> > - Scott
> >
> > Tony Varriale wrote:
> >> What type of "enterprise" are you interested in? What's your user
> >> database?
> >>
> >> tv
> >> ----- Original Message -----
> >> From: "Howard Leadmon" <how...@leadmon.net>
> >> To: "'cisco-nsp'" <cisco-nsp@puck.nether.net>
> >> Sent: Saturday, November 28, 2009 12:35 PM
> >> Subject: [c-nsp] Cisco AIRONET WPA-Enterprise w/Windows question..
> >>
> >>> I have a question hopefully someone can give me a pointer or shed some
> >>> light on..
> >>>
> >>> I have both an Aironet 1242AG and now a 1252AG access point, which are
> >>> working fine. I have WPA2-Personal with a shared key setup and running
> >>> great as well. As it was my impression that Vista and Win7 both supported
> >>> Enterprise authentication, which I figured would be better and more
> >>> secure than using the personal shared key stuff.
> >>>
> >>> I have tried, and googled, and I for the life of me just can't seem to get
> >>> Enterprise auth going.. Does anyone have any docs on getting the Aironet
> >>> and Windows to play together, configs, or links to info that will help?
> >>> Just FYI, I am trying to use the radius server built into the AP, as I
> >>> figured that would be simple enough, hopefully doing that is ok..
> >>>
> >>> ---
> >>> Howard Leadmon
> >>>
> >>> _______________________________________________
> >>> cisco-nsp mailing list cisco-nsp@puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>> archive at http://puck.nether.net/pipermail/cisco-nsp/
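
The pre-shared versus per-session key distinction discussed in the quoted messages, as an added example that is not part of the original thread: in Personal mode every client derives the same pairwise master key (PMK) from the passphrase and SSID, while in Enterprise mode each successful EAP login yields its own. The station names are constructed, and simulated_msk() is a stand-in (an assumption) for the key material a real PEAP or EAP-TTLS exchange with a RADIUS server would export.

```python
import hashlib
import os


def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Personal mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def enterprise_pmk(msk: bytes) -> bytes:
    """Enterprise mode: PMK = first 32 bytes of the MSK exported by the EAP method."""
    if len(msk) < 64:
        raise ValueError("an EAP MSK is at least 64 bytes")
    return msk[:32]


def simulated_msk() -> bytes:
    """Stand-in (assumption) for the MSK of one successful PEAP/EAP-TTLS login:
    fresh random key material, different for every authentication."""
    return os.urandom(64)


def distinct_pmks(mode: str, stations: list[str], ssid: str, passphrase: str = "") -> int:
    """Count how many different PMKs the given stations end up holding."""
    if mode == "psk":
        # Same inputs for every station, so the set collapses to one key.
        pmks = {psk_pmk(passphrase, ssid) for _ in stations}
    elif mode == "enterprise":
        # One EAP authentication, and therefore one MSK, per station.
        pmks = {enterprise_pmk(simulated_msk()) for _ in stations}
    else:
        raise ValueError("mode must be 'psk' or 'enterprise'")
    return len(pmks)


if __name__ == "__main__":
    stations = ["laptop-1", "laptop-2", "laptop-3"]  # constructed sample clients
    # Passphrase "password" with SSID "IEEE" is the IEEE 802.11i test vector.
    print("PSK PMK:", psk_pmk("password", "IEEE").hex())
    print("distinct PMKs, PSK:       ", distinct_pmks("psk", stations, "IEEE", "password"))
    print("distinct PMKs, Enterprise:", distinct_pmks("enterprise", stations, "IEEE"))
```

Because the Personal-mode PMK depends only on the passphrase and SSID, replacing a disclosed passphrase changes the key for every client at once, which is the AP and supplicant reconfiguration cost described in the thread.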