Encryption over Cisco Wireless Network

[noncentz420]

I was giving the task of providing secure access to my schools wireless network. We have the following already active on my test Network...
Wireless Lan Solution Engine (WLSE)
2 1100 Cisco AP
1 1240AG Cisco AP

I configured the 1240AG to use the Local Radius Server for Auth of Clients and WDS. Both 1100 AP do Client Auth.

The problem that I am having comes when trying to encrypt traffic. The only protocols that are an option for the local radius server on the AP are EAP-FAST and LEAP. But when I try to Auth using a windows client It will not associate.

Point Blank : I need a certificatless protocol that will auth when using Windows Wireless Software as appossed to Cisco's Proprietary software that comes when you install a wireless device. I read that Windows XP will only use PEAP and EAP-TLS which the Local Radius server for the APs will not Auth

Any help would be much appreciated

 

[jdeisenm]

Set up a radius server and use peap with mschap v2 authentication. XP can handle this.

here is the AAA/Radius part of the cisco config
aaa new-model
!
!
aaa group server radius rad_eap
server 10.1.1.1 auth-port 1645 acct-port 1646
server 10.1.1.2 auth-port 1645 acct-port 1646
!
aaa authentication login eap_methods group rad_eap
!
aaa group server radius rad_acct
server 10.1.1.1 auth-port 1645 acct-port 1646
server 10.1.1.2 auth-port 1645 acct-port 1646
!
dot11 ssid tsunami
authentication open eap eap_methods
authentication key-management wpa
accounting acct_methods
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.1.1.1 auth-port 1645 acct-port 1646 key 7 xxxxxx
radius-server host 10.1.1.2 auth-port 1645 acct-port 1646 key 7 xxxxxx
radius-server vsa send accounting

 

[noncentz420]

OMG.....

Ur my hero right now..
I could never get the damn radius to do mschap till now \

Thanx man