Aironet 1200 AP against IAS

Discussion in 'Cisco' started by jt, May 5, 2004.

  1. jt

    jt Guest

    HI all,

    has anyone successfully set up Authentication of Client devices associating
    against
    a 1200 Series AP, relayed to a box running Microsoft IAS ? Is this possible
    al all ?


    Greets

    jt
     
    jt, May 5, 2004
    #1
    1. Advertising

  2. On Wed, 5 May 2004 15:15:04 +0200, "jt" <> wrote:

    ~ HI all,
    ~
    ~ has anyone successfully set up Authentication of Client devices associating
    ~ against
    ~ a 1200 Series AP, relayed to a box running Microsoft IAS ? Is this possible
    ~ al all ?
    ~
    ~
    ~ Greets
    ~
    ~ jt
    ~

    IAS can authenticate PEAP (and, I'm reasonably sure, MAC address) clients;
    you can't use IAS to authenticate LEAP clients however.
     
    Aaron Leonard, May 5, 2004
    #2
    1. Advertising

  3. jt

    jt Guest

    Hi Aaron,

    there seem to exist various dependencies....thanks for the input. We' ve now
    d/l'd a Secure ACS trial, works fine with LEAP.
    I am new to WLAN, so please be patient :))))

    Aaron, let me just ask two questions.....

    The AP runs 12.2(15), newest release. Whilst configuring encryption on the
    radio, it refuses to run AES-CCM ( "not supported on radio0" );
    ---> this is because of 2.4 GHz, isn' t it ? Will it run with 5GHz ? Which
    cipher should I use with WPA in 2.4 GHz ?

    I dislike WEP due to its known flaws, but I am forced to because of the
    centrino boxes with integrated WLAN.
    I thought to use "enc mode ciphers wep128" for the boxes not WPA - Capable,
    will this do ?

    Greets


    jt




    "Aaron Leonard" <> schrieb im Newsbeitrag
    news:...
    > On Wed, 5 May 2004 15:15:04 +0200, "jt" <> wrote:
    >
    > ~ HI all,
    > ~
    > ~ has anyone successfully set up Authentication of Client devices

    associating
    > ~ against
    > ~ a 1200 Series AP, relayed to a box running Microsoft IAS ? Is this

    possible
    > ~ al all ?
    > ~
    > ~
    > ~ Greets
    > ~
    > ~ jt
    > ~
    >
    > IAS can authenticate PEAP (and, I'm reasonably sure, MAC address) clients;
    > you can't use IAS to authenticate LEAP clients however.
     
    jt, May 6, 2004
    #3
  4. ~ there seem to exist various dependencies....thanks for the input. We' ve now
    ~ d/l'd a Secure ACS trial, works fine with LEAP.
    ~ I am new to WLAN, so please be patient :))))

    I'm relatively new myself.

    ~ Aaron, let me just ask two questions.....
    ~
    ~ The AP runs 12.2(15), newest release. Whilst configuring encryption on the
    ~ radio, it refuses to run AES-CCM ( "not supported on radio0" );
    ~ ---> this is because of 2.4 GHz, isn' t it ? Will it run with 5GHz ? Which
    ~ cipher should I use with WPA in 2.4 GHz ?

    We don't support AES yet. It will be supported in a future
    IOS release.

    ~ I dislike WEP due to its known flaws, but I am forced to because of the
    ~ centrino boxes with integrated WLAN.
    ~ I thought to use "enc mode ciphers wep128" for the boxes not WPA - Capable,
    ~ will this do ?

    Let's first figure out what authentication scheme you're
    going to use. You mentioned LEAP. Are ALL your clients
    going to use LEAP - do your Centrino clients support it?
    Or are some clients going to do LEAP and some others do
    some other kind of authentication?

    Here are some links that might help lay out your options:

    Security Implementations Q&A
    http://cisco.com/en/US/products/hw/wireless/ps4570/products_qanda_item09186a008010018c.shtml

    Wireless LAN Security White Paper
    http://cisco.com/en/US/netsol/ns339...g_solutions_white_paper09186a00800b469f.shtml

    Aaron

    ---

    ~ "Aaron Leonard" <> schrieb im Newsbeitrag
    ~ news:...
    ~ > On Wed, 5 May 2004 15:15:04 +0200, "jt" <> wrote:
    ~ >
    ~ > ~ HI all,
    ~ > ~
    ~ > ~ has anyone successfully set up Authentication of Client devices
    ~ associating
    ~ > ~ against
    ~ > ~ a 1200 Series AP, relayed to a box running Microsoft IAS ? Is this
    ~ possible
    ~ > ~ al all ?
    ~ > ~
    ~ > ~
    ~ > ~ Greets
    ~ > ~
    ~ > ~ jt
    ~ > ~
    ~ >
    ~ > IAS can authenticate PEAP (and, I'm reasonably sure, MAC address) clients;
    ~ > you can't use IAS to authenticate LEAP clients however.
    ~
     
    Aaron Leonard, May 6, 2004
    #4
  5. jt

    jt Guest

    Hi Aaron,

    I guess this is becoming increasingly interesting. Let me shortly jot down
    what Laptop hardware
    i do have under my shivering hands :) :

    5 Toshiba Tecra S1, Centrino Chipset, integrated 802.** b ** WLAN, 2.4 GHz.
    Several, say old boxes ( Dell Inspiron / Latitude, Compaq Presario) which
    must ( and so, will ) be equipped with a 802.1g capable Cisco NIC.

    The Tecra integrated NICs are Intel 2100 - based; driver is the latest
    released 2003 ! ).
    The drivers do NOT support L/EAP, only static WEP. I dug around at Intel to
    locate a EAP - capable release, was redirected to Toshiba and vice versa.
    So, this is frustrating - will need to equip the newer boxes with Cisco
    Cards as well.
    ---> Go see the doctor, Toshiba. They seem to think that static WEP is the
    ultimate thing. You CAN run 'em associated, but only with static WEP.

    --> Aaron, can you think of another solution / tweak to get the Centrinos
    doing LEAP ?

    So, this delivers the final answer, I think: After having equipped all the
    boxes with the required 802.g adapters, I' m on LEAP.
    Which releases me from the need to supply different SSIDs and such.

    Greets

    Daniel


    >
    > Let's first figure out what authentication scheme you're
    > going to use. You mentioned LEAP. Are ALL your clients
    > going to use LEAP - do your Centrino clients support it?
    > Or are some clients going to do LEAP and some others do
    > some other kind of authentication?
    >
    > Here are some links that might help lay out your options:
    >
    > Security Implementations Q&A
    >

    http://cisco.com/en/US/products/hw/wireless/ps4570/products_qanda_item09186a
    008010018c.shtml
    >
    > Wireless LAN Security White Paper
    >

    http://cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/networking_solutions_w
    hite_paper09186a00800b469f.shtml
    >
    > Aaron
    >
    > ---
    >
    > ~ "Aaron Leonard" <> schrieb im Newsbeitrag
    > ~ news:...
    > ~ > On Wed, 5 May 2004 15:15:04 +0200, "jt" <> wrote:
    > ~ >
    > ~ > ~ HI all,
    > ~ > ~
    > ~ > ~ has anyone successfully set up Authentication of Client devices
    > ~ associating
    > ~ > ~ against
    > ~ > ~ a 1200 Series AP, relayed to a box running Microsoft IAS ? Is this
    > ~ possible
    > ~ > ~ al all ?
    > ~ > ~
    > ~ > ~
    > ~ > ~ Greets
    > ~ > ~
    > ~ > ~ jt
    > ~ > ~
    > ~ >
    > ~ > IAS can authenticate PEAP (and, I'm reasonably sure, MAC address)

    clients;
    > ~ > you can't use IAS to authenticate LEAP clients however.
    > ~
    >
     
    jt, May 6, 2004
    #5
  6. On Thu, 6 May 2004 22:11:44 +0200, "jt" <> wrote:

    ~ Hi Aaron,
    ~
    ~ I guess this is becoming increasingly interesting. Let me shortly jot down
    ~ what Laptop hardware
    ~ i do have under my shivering hands :) :
    ~
    ~ 5 Toshiba Tecra S1, Centrino Chipset, integrated 802.** b ** WLAN, 2.4 GHz.

    OK. According to this, that should be "CCX v1" compatible:
    http://www.cisco.com/en/US/partners/pr46/pr147/partners_pgm_partners_0900aecd800c856b.html
    with W2K or XP and "driver number 1.1.0.5.6 1.6.0.44", whatever that is.
    ccx V1 tells me that this should support LEAP and Cisco-proprietary
    TKIP (aka "CKIP".)

    ~ Several, say old boxes ( Dell Inspiron / Latitude, Compaq Presario) which
    ~ must ( and so, will ) be equipped with a 802.1g capable Cisco NIC.

    OK.

    ~ The Tecra integrated NICs are Intel 2100 - based; driver is the latest
    ~ released 2003 ! ).
    ~ The drivers do NOT support L/EAP, only static WEP. I dug around at Intel to
    ~ locate a EAP - capable release, was redirected to Toshiba and vice versa.

    ~ So, this is frustrating - will need to equip the newer boxes with Cisco
    ~ Cards as well.
    ~ ---> Go see the doctor, Toshiba. They seem to think that static WEP is the
    ~ ultimate thing. You CAN run 'em associated, but only with static WEP.
    ~
    ~ --> Aaron, can you think of another solution / tweak to get the Centrinos
    ~ doing LEAP ?

    From what I see, Toshiba should be able to supply you with working
    LEAP on your Tecras. I see a "Intel(R) PROSet 802.11b WiFi Client Utility
    with Cisco/WPA support for Win2K (v7.2.0.0; 11-11-2003; 7.82M)"
    download on their website.

    ~ So, this delivers the final answer, I think: After having equipped all the
    ~ boxes with the required 802.g adapters, I' m on LEAP.
    ~ Which releases me from the need to supply different SSIDs and such.

    Yes, if you buy all Cisco stuff, it makes life better
    in so many ways ;-)

    Cheers,

    Aaron

    ---

    ~ Greets
    ~
    ~ Daniel
    ~
    ~
    ~ >
    ~ > Let's first figure out what authentication scheme you're
    ~ > going to use. You mentioned LEAP. Are ALL your clients
    ~ > going to use LEAP - do your Centrino clients support it?
    ~ > Or are some clients going to do LEAP and some others do
    ~ > some other kind of authentication?
    ~ >
    ~ > Here are some links that might help lay out your options:
    ~ >
    ~ > Security Implementations Q&A
    ~ >
    ~ http://cisco.com/en/US/products/hw/wireless/ps4570/products_qanda_item09186a
    ~ 008010018c.shtml
    ~ >
    ~ > Wireless LAN Security White Paper
    ~ >
    ~ http://cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/networking_solutions_w
    ~ hite_paper09186a00800b469f.shtml
    ~ >
    ~ > Aaron
    ~ >
    ~ > ---
    ~ >
    ~ > ~ "Aaron Leonard" <> schrieb im Newsbeitrag
    ~ > ~ news:...
    ~ > ~ > On Wed, 5 May 2004 15:15:04 +0200, "jt" <> wrote:
    ~ > ~ >
    ~ > ~ > ~ HI all,
    ~ > ~ > ~
    ~ > ~ > ~ has anyone successfully set up Authentication of Client devices
    ~ > ~ associating
    ~ > ~ > ~ against
    ~ > ~ > ~ a 1200 Series AP, relayed to a box running Microsoft IAS ? Is this
    ~ > ~ possible
    ~ > ~ > ~ al all ?
    ~ > ~ > ~
    ~ > ~ > ~
    ~ > ~ > ~ Greets
    ~ > ~ > ~
    ~ > ~ > ~ jt
    ~ > ~ > ~
    ~ > ~ >
    ~ > ~ > IAS can authenticate PEAP (and, I'm reasonably sure, MAC address)
    ~ clients;
    ~ > ~ > you can't use IAS to authenticate LEAP clients however.
    ~ > ~
    ~ >
    ~
     
    Aaron Leonard, May 7, 2004
    #6
  7. jt

    mh Guest

    mh, May 7, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jt
    Replies:
    14
    Views:
    6,195
    SupaKad
    Oct 13, 2009
  2. Martin Bodenstedt
    Replies:
    6
    Views:
    9,441
    dbcooper_1
    Apr 13, 2009
  3. Andre Paetzold

    Aironet 1200 and Aironet 1300 compatible?

    Andre Paetzold, Dec 8, 2004, in forum: Cisco
    Replies:
    2
    Views:
    903
    Andre Paetzold
    Dec 9, 2004
  4. chairuou
    Replies:
    0
    Views:
    528
    chairuou
    Oct 27, 2005
  5. Blig Merk
    Replies:
    66
    Views:
    1,954
    StickThatInYourPipeAndSmokeIt
    Apr 27, 2008
Loading...

Share This Page