Authniticate Cisco Wirless against AD with IAS

Posted on 2010-01-10
Medium Priority
Last Modified: 2013-11-09
I have a 4 cisco wireless access point in our network. The users have to enter a WEPA if they want to connect to the network.
I was told there is a way of authenticating the users or their computers against AD using IAS so that they don't have to enter a key if they want to connect to a wilress. Not ever used IAS and am new to Cisco Wirless, but I now our Access point has a feature to use a RADIOUS server.
Question by:netcomp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 22

Accepted Solution

Jakob Digranes earned 1000 total points
ID: 26281151
True, you can use Radius for authentication.
When you use Radius you can get a two-factor authentication, using both something you are (computer joined to domain) and something you know (username and pword) to authenticate to network.

i.e. Harder to get unauthorized access, as with WEP or WPA/WPA2 which is either broken or easy to get to (social engineering).

Here's a guide that might help you: http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml#insrescert

Author Comment

ID: 26289848
The above link is very helpful, but at the end it used the Cisco Aironet client to confgiure the wireless card.
What if we have a none Cisco wireless card or we simply want to use Windows for connecting to a wireless network. Could you send me some info on how to use the windows to connect using the same method. Thanks,

May, I open a new question for this, but do you know how I can create a  SSID for our guest and somehow configure it so that they can only access the internet and not the network.

Assisted Solution

generalit earned 1000 total points
ID: 26302598
You need to install IAS from add remove progs on the server.
You then need proper certificates installed on your workstations. Deploy via gpo if you have many machines.
on your AP via the web admin you can add the radius/ias server manually, or add via telnet which will be alot more complicated. Teh advantage thou would be that you could then re use your startup configs for other access points if you have many


Expert Comment

ID: 26302644
oops, didnt quite read jakobs reply.

it will still work when you have windows only. if your certificates match between the station and the ias server, you should see the access points add themselves. We have had when it doesnt and we just had to add a wifi connection manually, only supplying the ssis and the encryption used. but this is  very far inbetween

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question