
Cisco 4400 Wireless Controller and RADIUS IAS server

Status
Not open for further replies.
Sep 6, 2000
183
Please help, we are having trouble configuring a 4400 to back off authentication to an MS IAS server.

We are trying to use PEAP and I have all the certs etc loaded. Thing is it sometimes works and sometimes (much more frequently) it doesn't.

When it fails there is nothing appearing in the IAS servers logs.

Has anyone had any experience of this config? If so, what details do you need?

Many thanks

Chris

Chris Styles

NT4/2000 MCSE
 
OK a bit more information.

I can get the system to work if I select PEAP and TLS. I then set the TLS bit to use my user certificate. However, if I opt to use MS-CHAP-V2, nothing.

To get the TLS to work I also need to reboot the machine. Is this a problem with my built in Wireless card? Is it worth trying a Cisco card?

What I ideally want is to be prompted for my un and pwd before login so that I can get a proper logon. TLS only works once I have logged in and the system has access to my user cert.

Anyone any ideas, I've spent about 3 days on this :-(

Chris Styles

NT4/2000 MCSE
 
I see this is an old thread, but we just experienced the same problem at our site and solved it with the following:

First, the config at the IAS server…

Ours is a DC With Certificate Server installed.
The IAS server has the following config:
RADIUS Client Type: Cisco
Remote Access Policy:
Policy Conditions: Client-IP-Address matches <Service port IP of 4402>
Grant Remote Access
Edit Profile:
Authentication: MS-CHAP V2, MS-CHAP, & CHAP
EAP Methods: PEAP
Edit / Make sure certificate from local CA is listed
Enable Fast Reconnect
Encryption: Basic, Strong, Strongest
Advanced: Empty

The config on the 4402:
Security
Call Station ID Type: IP Address
No Credentials Caching
No AES Key wrap
Server:
Shared Secret format: ASCII
Port 1812
Server Enabled
RFC3576 Disabled
Network User Enable

WLAN:
Radius Server Selected
WPA1 Policy Checked
WPA1 Encryption: TKIP
Auth Key MGMT: 802.1x
Layer 2 Security: WPA1 + WPA2



 