Solved

Configure Cisco Aironet 1130AG with Windows Server 2008 RADIUS

Posted on 2010-08-12
8
4,352 Views
Last Modified: 2013-11-12
I've been reading up on W2k8 NPS RADIUS and WPA2 for a little over a week now (here on EE and around the web) and still have found almost nothing useful for what I am trying to do which I believe is theoretically possible. I would like users/computers from AD to be automatically granted access without having to install a certificate on each machine (which judging from what I’ve read is possible). Also non windows devices such as Apple computers, BlackBerry cell phones, etc, will need to be able to still connect. Should the non windows domain devices be configured to somehow authenticate on the RADIUS side? Or is it possible/makes more sense to still have some sort of key so that the other devices can simply use the key to authenticate? Also what is the best authentication method for doing so? w2k8 NPS
cisco aironet 1130AG
0
Comment
Question by:ZachTouba
  • 4
  • 3
8 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 33426035
So, here are the steps you need to accomplish:

1. You needs to configure RADIUS on your 2008 box or some other device
2. You don't need to configure a certificate but it is a better option
2a. If you want to go the certificate route, you will need to setup a CA on one of your servers
3. So now you need to configure your 1130AG. If the unit came pre-configured to work with Lan Controllers, you will first need to downgrade to autonomous mode.

So let me know where you want to start if you have any of these steps already configured.  
0
 

Author Comment

by:ZachTouba
ID: 33430597
1. I have already installed NPS on my w2k8 box (as shown in ss1). I added my Aironet 1130AG as a RADIUS client under "RADIUS Clients and Servers" and generated a "shared secret".
2. I created a Network Policy within the Network Policies folder, with conditions:
     NAS Port Type: Wireless Other OR Wireless IEEE 802.11
     Windows Groups: mydomain\Domain Computers OR mydomain\Domain Users
3. On the cisco 1130AG I've selected WPA, entered the IP of the w2k8 RADIUS server, and entered the shared secret.

So I believe I have the very basic framework there, I just need a greater understanding of which type of authentication and encryption I should setup. Also what is the "standard" or typical setup for a small business that wants to switch to WPA / WPA2 in terms of using a certificate setup.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33431001
The choice to use WPA or WPA2 encryption depends on what your devices support. If everything can support WPA2 go with WPA2.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:ZachTouba
ID: 33431108
It can, and it's currently set to WPA2 (as shown in ss2) I'm just not sure which type of EAP/PEAP authentication and encryption is best and how it would be configured.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33431133
Peap is what I have configured.
0
 

Author Comment

by:ZachTouba
ID: 33431617
Could you please elaborate. There's many different configurations of PEAP. Once you selected PEAP did you then use "MSCHAPv2" or "Smart card or certificate" for the peap auth method (within PEAP)? Did you leave MSCHAP v1 still enabled? Did you disable MSCHAP v1 + v2 both and force certificate use?
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 500 total points
ID: 33464021
I use:
- PEAP
- EAP-MSCHAP-v2
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question