Aironet 1236ag Radius with IAS
nevolved
Member Posts: 131
Hi,
Is it possible to use an Aironet 1236ag and authenticate users with Radius through MS IAS? I've got it set up, but when a client attempts to connect it never prompts for a username and password.
Is there some kind of client software that needs to be installed, ie not a Windows client or Intel..etc?
Thanks,
Basically I want WPA and clients to connect to the SSID then get prompted for a user/pass and be authenticated against MS IAS and users from AD
Thanks,
Is it possible to use an Aironet 1236ag and authenticate users with Radius through MS IAS? I've got it set up, but when a client attempts to connect it never prompts for a username and password.
Is there some kind of client software that needs to be installed, ie not a Windows client or Intel..etc?
Thanks,
Basically I want WPA and clients to connect to the SSID then get prompted for a user/pass and be authenticated against MS IAS and users from AD
Thanks,
Comments
-
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
What authentication method are you trying to use? It sounds like you want to use PEAP.
Does that AP support that?
Does your server have a valid certificate?
How do you have your wireless group policies configured?
http://technet.microsoft.com/en-us/library/dd162271.aspx -
hypnotoad
Banned Posts: 915
i was just working on this myself...this is actually the best link on the entire internet regarding how to do this
http://www.techexams.net/forums/ccna-ccent/18806-cisco-authentication-via-ias-radius-server.html -
tiersten
Member Posts: 4,505
I think the OP wants end users to be authenticated against RADIUS before they're allowed to connect to the LAN.i was just working on this myself...this is actually the best link on the entire internet regarding how to do this
http://www.techexams.net/forums/ccna-ccent/18806-cisco-authentication-via-ias-radius-server.html -
hypnotoad
Banned Posts: 915
I think the OP wants end users to be authenticated against RADIUS before they're allowed to connect to the LAN.
Ahh sorry, read it wrong -
mgeorge
Member Posts: 774 ■■■□□□□□□□
i was just working on this myself...this is actually the best link on the entire internet regarding how to do this
http://www.techexams.net/forums/ccna-ccent/18806-cisco-authentication-via-ias-radius-server.html
Its nice to see that ya found that guide useful. I totally forgot about it being on here.
You can setup wireless the same way, but you'll need to add another policy statement in IAS.
First you'll need to create a security distribution group in active directory.
Next you'll need to add your RADIUS client in IAS using a friendly name, ip address (dns is often prefered as changes would only need to be made to dns services) set the client-vender to Cisco and configure a shared secret.
After that create a new remote access policy and specify the following policy conditions,
NAS-Port-Type matches "Wireless - IEEE 802.11"
Windows-Group matches "DOMAIN\WIFI_GROUP_NAME
Set authentication to MS-CHAPv2 and CHAP and uner the advanced dial-in profile add tthe connection attribute "Service-Type, Vender=RADIUS Standard and value=framed.
You can setup the ap to authenticate through the radius server using EAP and MS-CHAPv2.
If you use the web interface on the ap then configure the SSID to accept open authentication with eap and network EAP with no addition.
Specify the EAP Authentication server under server priorities. (make sure you have the radius servers listed in server manager with your ip address and shared secret that you setup in ias for that radius client)
If you use WPA2 then do select that key management is mandatory and use WPA.
Hope this helps.There is no place like 127.0.0.1