Configuring Cisco Secure ACS for Windows PEAP-MS-CHAPv2 - [Part 2]

Posted by Ahsan Tasneem | 5:02 AM

Configure the Wireless Network Connection

Complete these steps:
  1. Log off and then log on by using the WirelessUser account in the wirelessdemo.local domain.
  2. Choose Start > Control Panel, double-click Network Connections, and then right-click Wireless Network Connection.
  3. Click Properties, go to the Wireless Networks tab, and ensure that Use Windows to configure my wireless network settings is checked.
  4. Click Add.
  5. Under the Association tab, type Employee in the Network name (SSID) field.
  6. Select WPA for the Network Authentication and ensure that Data Encryption is set to TKIP.

  7. Go to the Authentication tab.
  8. Validate that EAP type is configured to use Protected EAP (PEAP). If it is not, select it from the drop-down menu.
  9. If you want the machine to be authenticated prior to login (which allows login scripts or group policy pushes to be applied), check Authenticate as computer when computer information is available.
  10. Click Properties.
  11. Because PEAP involves authentication of the server by the client, ensure that Validate server certificate is checked. Also, make sure the CA that issued the ACS certificate is checked under the Trusted Root Certification Authorities menu.
  12. Choose Secured password (EAP-MSCHAP v2) under Authentication Method as it is used for inner authentication.
  13. Make sure the Enable Fast Reconnect check box is checked. Then, click OK three times.
    Step - x: Select Configure and uncheck the option shown there if you want to enter the user name and password manually. Ignore this step if you are already logged in with the correct user and password.
  14. Right-click the wireless network connection icon in systray and then click View Available Wireless Networks.
  15. Click the Employee wireless network and click Connect.
    These screen shots indicate if the connection completes successfully.
  16. After authentication is successful, check the TCP/IP configuration for the wireless adapter by using Network Connections. It should have an address from the DHCP scope or from the scope created for the wireless clients.
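
To confirm the same settings on a deployed client, the check below (an added example, not from the original post) audits an exported wireless profile against steps 5 to 13. It assumes the profile was exported as XML with `netsh wlan export profile` on Windows Vista or later; the sample profile and its CA thumbprint are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a WLAN profile exported with
# `netsh wlan export profile`. The CA thumbprint is a placeholder.
SAMPLE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>Employee</name>
 <MSM><security>
  <authEncryption><authentication>WPA</authentication>
   <encryption>TKIP</encryption><useOneX>true</useOneX></authEncryption>
  <OneX><authMode>machineOrUser</authMode><EAPConfig><EapHostConfig>
   <EapMethod><Type>25</Type></EapMethod>
   <Config><Eap><Type>25</Type><EapType>
    <ServerValidation>
     <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>
    </ServerValidation>
    <FastReconnect>true</FastReconnect>
    <Eap><Type>26</Type></Eap>
   </EapType></Eap></Config>
  </EapHostConfig></EAPConfig></OneX>
 </security></MSM>
</WLANProfile>"""

# Settings the steps above call for, keyed by profile element name.
EXPECTED = {"name": "Employee", "authentication": "WPA", "encryption": "TKIP",
            "useOneX": "true", "FastReconnect": "true"}

def values(root, name):
    """Text of every element with this local name, ignoring XML namespaces."""
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit_peap_profile(xml_text):
    """Return a list of deviations from the PEAP-MS-CHAPv2 settings above."""
    root = ET.fromstring(xml_text)
    findings = [f"{k}: expected {v}, found {values(root, k) or 'nothing'}"
                for k, v in EXPECTED.items() if v not in values(root, k)]
    types = values(root, "Type")
    if "25" not in types:
        findings.append("outer EAP method is not PEAP (EAP type 25)")
    if "26" not in types:
        findings.append("inner method is not EAP-MSCHAPv2 (EAP type 26)")
    # Step 11: with no trusted root listed, the profile does not tie the
    # server certificate to the CA that issued the ACS certificate.
    if not any(values(root, "TrustedRootCA")):
        findings.append("no TrustedRootCA: server certificate not tied to the issuing CA")
    return findings

if __name__ == "__main__":
    print(audit_peap_profile(SAMPLE) or "profile matches the documented settings")
```

An empty list means the profile matches the steps; each string in a non-empty list names one setting that differs.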

    We have also configured cell phones (tested on Nokia N79 and Windows Mobile) to connect to the wireless router by adding the certificates to them, and they are now also able to authenticate through the RADIUS server. I'll post all the steps involved soon.
