Aironet 1200/Radius Help Needed

From: Jolly Student (jolly_at_joy.com)
Date: 08/09/04

    Date: Mon, 09 Aug 2004 18:26:35 GMT
    
    

    Dear Colleagues:

    Okay, I think I sort of understand this setup. New to this of course.

    I have fifteen Cisco Aironet 1200 series wireless access points on campus.
    I just fired up a W2003 Advanced Server so that I can take advantage of the
    policies for our XP Pro computers.

    I also got a certificate from verisign to install on one of the two IAS
    servers (do I need a separate certificate for the secondary IAS Server?)

    Great article on how to just go to verisign from your IAS 2003 server and
    install the certificate via Microsoft is located at:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=1971d43c-d2d9-408d-bd97-139afc60996b&DisplayLang=en

    Also read a great article on generally configuring Windows XP/Server 2003 at
    the following link:

    http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx

    Pretty step by step and I decided to use the PEAP-MS-CHAP v2 version of
    authentication since it involves just installing the certificate on the
    servers.

    Okay, here is where I am completely confused.

    Deploy group policies to the Windows XP workstations for shared key, huh,
    what shared key? I thought this was taken care of via the CA authority
    courtesy of verisign.

    Also, I think, if I read this correctly, that the clients will hit the WAPS,
    the waps will point them to the RADIUS servers, if the computers are
    configured for the SSIDs and shared keys (huh) then they should connect
    transparently.

    But my question is, if the clients have keys as do the wireless access
    points, then where is the security and how does the RADIUS server along with
    the CA Authority prevent any yahoo from setting up the keys on their
    workstation and connecting?

    Basically I am a bit confused here and, well, I am asking for help. Lastly,
    if somebody comes on campus with an XP home edition box, what do I do to
    allow them to access our network via PEAP-MS-CHAP v2?

    Advice is greatly appreciated

