Cisco 802.1x Wireless using PEAP Quick Reference Guide


Copyright

Copyright 2006, CRYPTOCard Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard Corp.

Trademarks

CRYPTOCard, CRYPTO-Server, and CRYPTO-Logon are either registered trademarks or trademarks of CRYPTOCard Corp. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.

Additional Information, Assistance, or Comments

CRYPTOCard's technical support specialists can provide assistance when planning and implementing CRYPTOCard in your network. In addition to aiding in the selection of the appropriate authentication products, CRYPTOCard can suggest deployment procedures that provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We can also help you leverage your existing network equipment and systems to maximize your return on investment.

This complimentary support service is available from your first evaluation system download. CRYPTOCard works closely with channel partners to offer worldwide Technical Support services. If you purchased this product through a CRYPTOCard channel partner, please contact your reseller directly for support needs.

To contact CRYPTOCard directly:

International Voice: +1-613-599-2441
North America Toll Free: 1-800-307-7042
support@cryptocard.com

For information about obtaining a support contract, see our Support Web page at.

Publication History

Date               Changes
July 16, 2004      Creation
November 8, 2005   Global edit

Text Conventions

The following text conventions are used in this document:

Courier text: denotes something you see on-screen (e.g. a dialog window title or field, a configurable Key, an exact filename) or something you enter verbatim on-screen (e.g. a command).

<Italicized, bracketed text>: denotes a variable that requires an appropriate value to be entered. For example, if you see <IP_address>, you might enter 192.168.1.1.

Bold text: denotes a path. If the path uses a pipe (|) character (e.g. A | B | C | D), the path does not lead to a directory, folder, or file, but rather represents GUI/application menu options. If the path uses the backslash (\) or forward slash (/) character, the path leads to a directory, folder, or file.

Table of Contents

Copyright
Trademarks
Additional Information, Assistance, or Comments
Publication History
Text Conventions
1 Overview
    Enabling PEAP in Cisco Secure 3.1
2 Wireless Client Configuration
    ACU Configuration
    Microsoft Wireless Connection Configuration
    Testing the Connection
3 Installing the CRYPTOCard EUS and Initializing Tokens
    Connecting to the Network

1 Overview

When wireless communications are secured using PEAP, all data (including logon credentials) are transmitted over an encrypted connection. Cisco Secure Access Control Server (ACS) 3.1+ supports PEAP using CRYPTOCard tokens for authentication, giving PEAP the added security of CRYPTOCard Secure Password Technology.

This document explains how to set up PEAP authentication from a client machine running Windows XP or 2000 to a Cisco Secure 3.1+ ACS. It is recommended that you configure PEAP for an internal Cisco Secure user before adding CRYPTOCard support to Cisco Secure 3.1+. Please refer to the CRYPTOCard Cisco Secure ACS Quick Reference Guide for instructions about adding CRYPTOCard Token Server support to ACS.

Enabling PEAP in Cisco Secure 3.1

Follow the instructions in the Cisco documentation on setting up a server certificate in ACS.

1. In the ACS System Configuration, click on Global Authentication Setup.
2. Select Allow PEAP.
3. If desired, enter the text shown to the client when authenticating via PEAP.
4. Set the timeout for PEAP authentication.
5. Click Submit + Restart.

2 Wireless Client Configuration

Cisco wireless clients include the Aironet Client Utility (ACU). While PEAP support is not configured in the ACU itself, there is an option in the Cisco ACU installation program to include the Cisco PEAP Supplicant. The PEAP Supplicant must be installed on the client system to allow PEAP authentication over a wireless connection.

Ensure that the necessary Microsoft Hotfixes and service packs are installed on the client system prior to installing the Cisco ACU and PEAP Supplicant.

ACU Configuration

Create a profile including the desired access point settings. Under Network Security for the connection profile, select Host Based EAP, and Use Dynamic WEP Keys.

Microsoft Wireless Connection Configuration

1. Open the Wireless Network Connection properties.
2. Select the Wireless Networks tab.
3. Select the network that will require PEAP and click on Properties.
4. In the Association tab, choose Data encryption (WEP enabled) and The key is provided for me automatically.

5. In the Authentication tab, check Enable IEEE 802.1x authentication for this network. Choose PEAP as the EAP type. Click on Properties.
6. In the PEAP Properties window, check Validate server certificate. For added security, specify the server name of the ACS server and check Connect only if server name ends with.
7. Enter the trusted root authority, and check Connect only if server is signed by specified trusted root CA. Choose Generic Token Card as the Second Phase EAP Type and click on Properties.
8. In the Generic Token Card Properties window, choose One Time Password and, regardless of whether you are using hardware or software tokens, check Support Hardware Token.
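A sketch of the server checks selected in steps 6 and 7, as an added example that is not part of the original guide and is not the Cisco or Microsoft supplicant's code; the PeapPolicy record, the function names and the sample values are hypothetical. It matches the server name suffix on whole DNS labels and refuses to proceed when any of the three checks is left unset.

```python
from dataclasses import dataclass


@dataclass
class PeapPolicy:
    """Hypothetical record of the PEAP Properties settings from steps 6-7."""
    validate_server_cert: bool   # "Validate server certificate"
    name_suffix: str = ""        # "Connect only if server name ends with"
    trusted_root: str = ""       # "Connect only if server is signed by specified trusted root CA"


def name_matches_suffix(server_name: str, suffix: str) -> bool:
    """Suffix match on whole DNS labels, case-insensitive, ignoring a trailing dot."""
    name = server_name.strip().rstrip(".").lower()
    want = suffix.strip().strip(".").lower()
    if not name or not want:
        return False
    return name == want or name.endswith("." + want)


def audit_policy(p: PeapPolicy) -> list[str]:
    """List the settings that leave the server's identity unchecked."""
    findings = []
    if not p.validate_server_cert:
        findings.append("server certificate is not validated")
    if not p.name_suffix.strip(" ."):
        findings.append("no server name constraint")
    if not p.trusted_root.strip():
        findings.append("no trusted root CA specified")
    return findings


def server_acceptable(p: PeapPolicy, cert_name: str, root_ca: str) -> tuple[bool, str]:
    """Decide whether the token credentials may be sent to this server."""
    findings = audit_policy(p)
    if findings:
        return False, "policy incomplete: " + "; ".join(findings)
    if root_ca != p.trusted_root:
        return False, "certificate chains to an unexpected root CA"
    if not name_matches_suffix(cert_name, p.name_suffix):
        return False, "server name outside the configured suffix"
    return True, "ok"


# Constructed sample values (not from the guide).
POLICY = PeapPolicy(True, "corp.example", "Example Corp Root CA")
```
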

Testing the Connection

Test the configuration to this point by creating/using a username and password from the local Cisco Secure ACS database. When the wireless card connects to the network, you will be prompted to accept the server certificate (first time only) and will then be prompted to enter a username and password. Enter a valid username/password combination from ACS to authenticate the network connection.

3 Installing the CRYPTOCard EUS and Initializing Tokens

Please refer to the CRYPTO-Server Administrator's Manual for instructions about installing the EUS software and initializing SC-1, UB-1, and ST-1 tokens on a client device.

Connecting to the Network

After installing the EUS and a token on the client system, authenticating using CRYPTOCard Secure Password Technology is simply a matter of entering the username and password from the EUS when the network connection requests a username and password.