Solved

Configure Cisco Aironet 1130AG with Windows Server 2008 RADIUS

Posted on 2010-08-12
Last Modified: 2013-11-12
I've been reading up on W2k8 NPS RADIUS and WPA2 for a little over a week now (here on EE and around the web) and still have found almost nothing useful for what I am trying to do, which I believe is theoretically possible. I would like users/computers from AD to be automatically granted access without having to install a certificate on each machine (which, judging from what I've read, is possible). Also, non-Windows devices such as Apple computers, BlackBerry cell phones, etc. will still need to be able to connect. Should the non-Windows domain devices be configured to somehow authenticate on the RADIUS side? Or is it possible/does it make more sense to still have some sort of key so that the other devices can simply use the key to authenticate? Also, what is the best authentication method for doing so?

w2k8 NPS
cisco aironet 1130AG
Question by:ZachTouba
8 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 33426035
So, here are the steps you need to accomplish:

1. You need to configure RADIUS on your 2008 box or some other device
2. You don't need to configure a certificate but it is a better option
2a. If you want to go the certificate route, you will need to set up a CA on one of your servers
3. So now you need to configure your 1130AG. If the unit came pre-configured to work with LAN controllers, you will first need to downgrade to autonomous mode.

So let me know where you want to start if you have any of these steps already configured.  
 

Author Comment

by:ZachTouba
ID: 33430597
1. I have already installed NPS on my w2k8 box (as shown in ss1). I added my Aironet 1130AG as a RADIUS client under "RADIUS Clients and Servers" and generated a "shared secret".
2. I created a Network Policy within the Network Policies folder, with conditions:
     NAS Port Type: Wireless Other OR Wireless IEEE 802.11
     Windows Groups: mydomain\Domain Computers OR mydomain\Domain Users
3. On the Cisco 1130AG I've selected WPA, entered the IP of the w2k8 RADIUS server, and entered the shared secret.

So I believe I have the very basic framework there; I just need a greater understanding of which type of authentication and encryption I should set up. Also, what is the "standard" or typical setup for a small business that wants to switch to WPA / WPA2 in terms of using a certificate setup?
 
LVL 32

Expert Comment

by:nappy_d
ID: 33431001
The choice to use WPA or WPA2 encryption depends on what your devices support. If everything can support WPA2 go with WPA2.

Author Comment

by:ZachTouba
ID: 33431108
It can, and it's currently set to WPA2 (as shown in ss2). I'm just not sure which type of EAP/PEAP authentication and encryption is best and how it would be configured.
 
LVL 32

Expert Comment

by:nappy_d
ID: 33431133
PEAP is what I have configured.
 

Author Comment

by:ZachTouba
ID: 33431617
Could you please elaborate? There are many different configurations of PEAP. Once you selected PEAP, did you then use "MSCHAPv2" or "Smart card or certificate" for the PEAP auth method (within PEAP)? Did you leave MSCHAP v1 still enabled? Did you disable both MSCHAP v1 + v2 and force certificate use?
 
LVL 32

Accepted Solution

by:
nappy_d earned 500 total points
ID: 33464021
I use:
- PEAP
- EAP-MSCHAP-v2
0
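
The AP side of the setup discussed in this thread, as an added example that is not from either poster: a minimal autonomous-mode IOS configuration for WPA2 with 802.1X against the NPS server. The SSID name, the server address 192.0.2.10, the list names and the `<shared-secret>` placeholder are assumptions; PEAP with EAP-MSCHAPv2 is selected in the NPS network policy and on the clients, while the AP only relays the EAP exchange.

```cisco
! Constructed example: autonomous-mode Aironet, WPA2 + 802.1X to an NPS RADIUS server.
! Assumed values: SSID CORP-WLAN, NPS at 192.0.2.10, names rad_eap and eap_methods.
! Replace <shared-secret> with the secret generated for this RADIUS client in NPS.
aaa new-model
!
! The NPS server; 1812/1813 are the standard RADIUS authentication/accounting ports.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! Server group that contains the NPS server.
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
! Method list the SSID uses to hand EAP exchanges to that group.
aaa authentication login eap_methods group rad_eap
!
! Open authentication plus EAP, with WPA version 2 key management.
! No EAP type is named here: the AP passes EAP through, and the supplicant
! and NPS negotiate PEAP / EAP-MSCHAPv2 between themselves.
dot11 ssid CORP-WLAN
 authentication open eap eap_methods
 authentication key-management wpa version 2
!
! 2.4 GHz radio: AES-CCMP cipher, bound to the SSID above.
! Repeat under Dot11Radio1 if the 5 GHz radio should carry the SSID too.
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid CORP-WLAN
 no shutdown
```

PEAP still needs a server certificate on the NPS host for its TLS tunnel, even though clients need none. Have clients validate that certificate so credentials are only sent to the real RADIUS server.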
