I have IAS working with Cisco 4404 controllers, an Aruba 2400, and an HP WESM. We are using Peap and MS-CHAPv2 with a WLAN certificate from Verisign.
The documents I used to setup the IAS server is here. http://support.microsoft.com/kb/325725/en-us http://www.microsoft.com/technet/security/guidance/cryptographyetc/peap_ 1.mspx Our wireless setup document is here http://www.central.edu/itservices/Wireless%20Network%20Setup.PDF CAVEATS I have found. You do need to authenticate the computer accounts for domain joined computers' login scripts to run. That was a big gotcha I found. Then on personally owned computers you need to turn off use computer credentials. Also PDA's I have yet to get working. They say they work with PEAP-MS-CHAP-v2, but they still want a personal certificate. I don't know why they still want a personal cert. So if someone wants to help me with that problem or help me dig up the info to enable EAP-TLS on an IAS server I'd be glad to hear from you. -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Bennett Sent: Wednesday, April 02, 2008 7:30 AM To: [email protected] Subject: [WIRELESS-LAN] WiSM, Radius, WPA & WPA2 Does anyone have experience setting up a Cisco WiSM with IAS Radius and Encryption. Basically I want to have our WiSM authenticate wireless users to our Active Directory, which we can do directly. I also want the wireless secured through WPA and/or WPA2 encryption without having to email the key to everyone. I know it can be done but can't find out how to do this. The process I want: 1. Computer connects to AP 2. Encryption key is passed to computer and transmission is now secured 3. Internet Browser redirected to login page 4. AD credentials are entered 5. Authenticate 6. Internal IP issued and good to go. We have 1,3,4,5,6 done. Step 2 we have working by putting the key into the computers but that is a pain. Any suggestions? Daniel R. Bennett CompTIA Security+ Information Technology Security Analyst Pennsylvania College of Technology One College Ave Williamsport, PA 17701 (P) 570.329.4989 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
