Aironet 1236ag Radius with IAS

Hi,

Is it possible to use an Aironet 1236ag and authenticate users with Radius through MS IAS? I've got it set up, but when a client attempts to connect it never prompts for a username and password.

Is there some kind of client software that needs to be installed, ie not a Windows client or Intel..etc?

Thanks,

Basically I want WPA and clients to connect to the SSID then get prompted for a user/pass and be authenticated against MS IAS and users from AD

Thanks,

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

dynamik

What authentication method are you trying to use? It sounds like you want to use PEAP.

Does that AP support that?

Does your server have a valid certificate?

How do you have your wireless group policies configured?

http://technet.microsoft.com/en-us/library/dd162271.aspx

hypnotoad

i was just working on this myself...this is actually the best link on the entire internet regarding how to do this

http://www.techexams.net/forums/ccna-ccent/18806-cisco-authentication-via-ias-radius-server.html

tiersten

hypnotoad wrote: »

i was just working on this myself...this is actually the best link on the entire internet regarding how to do this

http://www.techexams.net/forums/ccna-ccent/18806-cisco-authentication-via-ias-radius-server.html

I think the OP wants end users to be authenticated against RADIUS before they're allowed to connect to the LAN.

hypnotoad

tiersten wrote: »

I think the OP wants end users to be authenticated against RADIUS before they're allowed to connect to the LAN.

Ahh sorry, read it wrong

mgeorge

hypnotoad wrote: »

i was just working on this myself...this is actually the best link on the entire internet regarding how to do this

http://www.techexams.net/forums/ccna-ccent/18806-cisco-authentication-via-ias-radius-server.html

Its nice to see that ya found that guide useful. I totally forgot about it being on here.

You can setup wireless the same way, but you'll need to add another policy statement in IAS.

First you'll need to create a security distribution group in active directory.

Next you'll need to add your RADIUS client in IAS using a friendly name, ip address (dns is often prefered as changes would only need to be made to dns services) set the client-vender to Cisco and configure a shared secret.

After that create a new remote access policy and specify the following policy conditions,

NAS-Port-Type matches "Wireless - IEEE 802.11"
Windows-Group matches "DOMAIN\WIFI_GROUP_NAME

Set authentication to MS-CHAPv2 and CHAP and uner the advanced dial-in profile add tthe connection attribute "Service-Type, Vender=RADIUS Standard and value=framed.

You can setup the ap to authenticate through the radius server using EAP and MS-CHAPv2.

If you use the web interface on the ap then configure the SSID to accept open authentication with eap and network EAP with no addition.

Specify the EAP Authentication server under server priorities. (make sure you have the radius servers listed in server manager with your ip address and shared secret that you setup in ias for that radius client)

If you use WPA2 then do select that key management is mandatory and use WPA.

Hope this helps.