+ Reply to Thread
Results 1 to 6 of 6
  1. Senior Member Registered Member
    Join Date
    Jul 2008
    Posts
    131
    #1

    Default Aironet 1236ag Radius with IAS

    Hi,

    Is it possible to use an Aironet 1236ag and authenticate users with Radius through MS IAS? I've got it set up, but when a client attempts to connect it never prompts for a username and password.

    Is there some kind of client software that needs to be installed, ie not a Windows client or Intel..etc?


    Thanks,

    Basically I want WPA and clients to connect to the SSID then get prompted for a user/pass and be authenticated against MS IAS and users from AD


    Thanks,
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #2
    What authentication method are you trying to use? It sounds like you want to use PEAP.

    Does that AP support that?

    Does your server have a valid certificate?

    How do you have your wireless group policies configured?

    http://technet.microsoft.com/en-us/l.../dd162271.aspx
    Last edited by dynamik; 10-30-2009 at 12:17 AM.
    Reply With Quote Quote  

  4. Senior Member hypnotoad's Avatar
    Join Date
    Dec 2007
    Posts
    915

    Certifications
    BS&MS-CompSci, CCNA, CCNP, Hyper-V, CCAI
    #3
    i was just working on this myself...this is actually the best link on the entire internet regarding how to do this

    Cisco Authentication Via IAS Radius Server
    Reply With Quote Quote  

  5. was here.
    Join Date
    Apr 2008
    Posts
    4,504
    #4
    Quote Originally Posted by hypnotoad View Post
    i was just working on this myself...this is actually the best link on the entire internet regarding how to do this

    Cisco Authentication Via IAS Radius Server
    I think the OP wants end users to be authenticated against RADIUS before they're allowed to connect to the LAN.
    Reply With Quote Quote  

  6. Senior Member hypnotoad's Avatar
    Join Date
    Dec 2007
    Posts
    915

    Certifications
    BS&MS-CompSci, CCNA, CCNP, Hyper-V, CCAI
    #5
    Quote Originally Posted by tiersten View Post
    I think the OP wants end users to be authenticated against RADIUS before they're allowed to connect to the LAN.
    Ahh sorry, read it wrong
    Reply With Quote Quote  

  7. Cisco Guru mgeorge's Avatar
    Join Date
    Jun 2006
    Location
    127.0.0.1
    Posts
    800

    Certifications
    A few...
    #6
    Quote Originally Posted by hypnotoad View Post
    i was just working on this myself...this is actually the best link on the entire internet regarding how to do this

    Cisco Authentication Via IAS Radius Server
    Its nice to see that ya found that guide useful. I totally forgot about it being on here.

    You can setup wireless the same way, but you'll need to add another policy statement in IAS.

    First you'll need to create a security distribution group in active directory.

    Next you'll need to add your RADIUS client in IAS using a friendly name, ip address (dns is often prefered as changes would only need to be made to dns services) set the client-vender to Cisco and configure a shared secret.

    After that create a new remote access policy and specify the following policy conditions,

    NAS-Port-Type matches "Wireless - IEEE 802.11"
    Windows-Group matches "DOMAIN\WIFI_GROUP_NAME

    Set authentication to MS-CHAPv2 and CHAP and uner the advanced dial-in profile add tthe connection attribute "Service-Type, Vender=RADIUS Standard and value=framed.

    You can setup the ap to authenticate through the radius server using EAP and MS-CHAPv2.

    If you use the web interface on the ap then configure the SSID to accept open authentication with eap and network EAP with no addition.

    Specify the EAP Authentication server under server priorities. (make sure you have the radius servers listed in server manager with your ip address and shared secret that you setup in ias for that radius client)

    If you use WPA2 then do select that key management is mandatory and use WPA.

    Hope this helps.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks