Radius Auth with MS PEAP

  • Radius Auth with MS PEAP

    Hi All,

    I have set up RADIUS authentication with IAS/NPS running on a Windows 2008 server. I have installed the appropriate certificates and added a group policy to enable all domain users to access the WLAN. The authentication method is Microsoft Protected EAP and all RADIUS clients have been configured on NPS.

    In our company we use 2 different types of WAPs: in larger sites we use multiple Cisco WAP4410Ns and in the smaller sites we use a Cisco 881W router. The setup works fine with the WAP4410Ns but not with the 881Ws.

    When a user gets authenticated through the WAP4410, I can see the access request in the IAS viewer and an entry in the event log, but with sites using an 881, I can see an access request in the IAS viewer but no event log entry at all. I have noticed that in the IAS viewer, even if the user connected successfully, the 'Connect Result' field is 'unknown', and this is the same when the request fails.

    I have checked that all the shared keys match and I have tried several different setups on the 881Ws, but nothing I do seems to make a difference. I can see that the server is receiving the request but nothing happens after that, so I'm not sure what is failing.

    I have included the shortened in my next post.

  • #2
    Re: Radius Auth with MS PEAP

    Building configuration...

    aaa new-model
    aaa group server radius rad_eap
     server 192.168.x.x auth-port 1812 acct-port 1813
    aaa group server radius rad_mac
    aaa group server radius rad_acct
     server 192.168.x.x auth-port 1812 acct-port 1813
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    dot11 syslog
    dot11 ssid TestAP
     vlan 1
     authentication open eap eap_methods
     authentication key-management wpa version 2
     accounting acct_methods
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption vlan 1 mode ciphers aes-ccm
     broadcast-key vlan 1 change 30
     ssid TestAP
     antenna gain 0
     station-role root
    interface Dot11Radio0.1
     encapsulation dot1Q 1 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface BVI1
     ip address 192.168.x.x
     no ip route-cache
    ip http server
    ip http authentication local
    ip http secure-server
    ip http help-path
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 192.168.x.x auth-port 1645 acct-port 1646 key 7 x
    radius-server vsa send accounting
    bridge 1 route ip

    Any help on this would be greatly appreciated. If you need more info just yell.

    Many thanks!
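
An added example, not part of the original posts: a small Python consistency check for a config like the one in post #2. It flags `server` lines inside an `aaa group server radius` block whose address and ports have no matching global `radius-server host` entry (the posted groups use 1812/1813 while the host line uses 1645/1646), and method lists that point at an empty group. The sample config is constructed, 192.0.2.10 is a placeholder address, the function names are hypothetical, and the check assumes group entries are meant to refer to globally defined hosts.

```python
import re

# Constructed sample mirroring the posted port numbers; 192.0.2.10 is a placeholder.
SAMPLE = """\
aaa group server radius rad_eap
 server 192.0.2.10 auth-port 1812 acct-port 1813
aaa group server radius rad_mac
aaa group server radius rad_acct
 server 192.0.2.10 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
aaa accounting network acct_methods start-stop group rad_acct
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key 7 x
"""

PORTS = r"(\S+) auth-port (\d+) acct-port (\d+)"

def parse(config):
    """Collect RADIUS server groups, global hosts and method-list references."""
    groups, hosts, refs, current = {}, set(), [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"aaa group server radius (\S+)$", line):
            current = m[1]
            groups[current] = []
        elif current and (m := re.match("server " + PORTS, line)):
            groups[current].append((m[1], int(m[2]), int(m[3])))
        else:
            current = None  # any other line ends the group sub-mode
            if m := re.match("radius-server host " + PORTS, line):
                hosts.add((m[1], int(m[2]), int(m[3])))
            elif m := re.match(r"aaa \S+ \S+ (\S+) (?:.* )?group (\S+)", line):
                refs.append((m[1], m[2]))  # (method list, server group)
    return groups, hosts, refs

def check(config):
    """Return findings for group servers without a matching global host entry."""
    groups, hosts, refs = parse(config)
    findings = []
    for name, servers in groups.items():
        for ip, auth, acct in servers:
            if (ip, auth, acct) not in hosts:
                known = sorted(h[1:] for h in hosts if h[0] == ip) or "none"
                findings.append(f"group {name}: {ip} {auth}/{acct} has no matching "
                                f"radius-server host (defined ports: {known})")
    for method_list, group in refs:
        if group in groups and not groups[group]:
            findings.append(f"method list {method_list}: group {group} is empty")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)))
```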