Solved

Configure Cisco Aironet 1130AG with Windows Server 2008 RADIUS

Posted on 2010-08-12
8
4,394 Views
Last Modified: 2013-11-12
I've been reading up on W2k8 NPS RADIUS and WPA2 for a little over a week now (here on EE and around the web) and still have found almost nothing useful for what I am trying to do which I believe is theoretically possible. I would like users/computers from AD to be automatically granted access without having to install a certificate on each machine (which judging from what I’ve read is possible). Also non windows devices such as Apple computers, BlackBerry cell phones, etc, will need to be able to still connect. Should the non windows domain devices be configured to somehow authenticate on the RADIUS side? Or is it possible/makes more sense to still have some sort of key so that the other devices can simply use the key to authenticate? Also what is the best authentication method for doing so? w2k8 NPS
cisco aironet 1130AG
0
Comment
Question by:ZachTouba
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 33426035
So, here are the steps you need to accomplish:

1. You needs to configure RADIUS on your 2008 box or some other device
2. You don't need to configure a certificate but it is a better option
2a. If you want to go the certificate route, you will need to setup a CA on one of your servers
3. So now you need to configure your 1130AG. If the unit came pre-configured to work with Lan Controllers, you will first need to downgrade to autonomous mode.

So let me know where you want to start if you have any of these steps already configured.  
0
 

Author Comment

by:ZachTouba
ID: 33430597
1. I have already installed NPS on my w2k8 box (as shown in ss1). I added my Aironet 1130AG as a RADIUS client under "RADIUS Clients and Servers" and generated a "shared secret".
2. I created a Network Policy within the Network Policies folder, with conditions:
     NAS Port Type: Wireless Other OR Wireless IEEE 802.11
     Windows Groups: mydomain\Domain Computers OR mydomain\Domain Users
3. On the cisco 1130AG I've selected WPA, entered the IP of the w2k8 RADIUS server, and entered the shared secret.

So I believe I have the very basic framework there, I just need a greater understanding of which type of authentication and encryption I should setup. Also what is the "standard" or typical setup for a small business that wants to switch to WPA / WPA2 in terms of using a certificate setup.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33431001
The choice to use WPA or WPA2 encryption depends on what your devices support. If everything can support WPA2 go with WPA2.
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 

Author Comment

by:ZachTouba
ID: 33431108
It can, and it's currently set to WPA2 (as shown in ss2) I'm just not sure which type of EAP/PEAP authentication and encryption is best and how it would be configured.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 33431133
Peap is what I have configured.
0
 

Author Comment

by:ZachTouba
ID: 33431617
Could you please elaborate. There's many different configurations of PEAP. Once you selected PEAP did you then use "MSCHAPv2" or "Smart card or certificate" for the peap auth method (within PEAP)? Did you leave MSCHAP v1 still enabled? Did you disable MSCHAP v1 + v2 both and force certificate use?
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 500 total points
ID: 33464021
I use:
- PEAP
- EAP-MSCHAP-v2
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question