Wireless: Configuring LEAP with 802.1x

Platform: Cisco 1100 and 1200 wireless access points, Cisco IOS
Keywords: configuring wireless with LEAP and 802.1x authentication, Cisco ACS, broadcast SSID, LEAP with MAC address authentication
Author: Dinesh Aggarwal

To configure a Cisco 1100 wireless access point for LEAP with 802.1x authentication, open the access point's web interface by browsing to http://IP_address_of_ap

Now go to Security and click Encryption Manager, as shown in fig-1.
Set WEP encryption to Mandatory, as shown in the figure. Under the encryption keys, select one key and type your key there.

Fig-1

Now we need to add this access point to Cisco ACS. Open Cisco ACS and click Network Configuration, then click Add Entry, as shown in fig-2.

Fig-2

A new window opens, as shown in fig-3. In AAA Client IP Address, enter the IP address of the wireless AP. In this example the IP address of the wireless AP is 10.203.129.58. Click Submit.

Fig-3

Now click the System Configuration tab of ACS, as shown in fig-4. Click Global Authentication Setup.

Fig-4

In the global authentication setup, under LEAP, select the Allow LEAP for Aironet only checkbox. Under EAP-MD5, select the Allow EAP-MD5 checkbox, as shown in fig-5.
In the MS-CHAP configuration, select both Allow MS-CHAP Version 1 Authentication and Allow MS-CHAP Version 2 Authentication.

Fig-5

Here we will be using Cisco ACS as the authentication server. On the access point, click Security and then Server Manager. Enter the IP address of Cisco ACS, which is 10.203.142.7 in this case, as shown in fig-6. Enter the shared secret key.

Note that the same shared secret key must be entered in Cisco ACS when adding the Cisco AP as an AAA client.

Fig-6

Now go to SSID Manager and, for the new SSID, under Authentication Settings select the Open Authentication checkbox and choose EAP from the drop-down menu.
Also select Network EAP, as shown in fig-7.

Fig-7

If you want to broadcast the SSID, go to Express Security and create a new SSID, then select Broadcast SSID in Beacon. Here the SSID name is dinesh1. For EAP authentication, under RADIUS Server enter the IP address of Cisco ACS, which is 10.203.142.7 here, and enter the shared secret key that you entered when adding the Cisco AP to the Cisco ACS device list. This is shown in fig-8.

Fig-8

The SSID will automatically have open authentication with EAP and network EAP enabled; otherwise you can always change the settings under Security > SSID Manager, as explained before.
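The access point settings made so far can be checked against a saved running-config. The following Python script is an added example, not part of the original article; it assumes the GUI choices appear as the IOS lines in the constructed sample below, and the method-list names rad_eap and eap_methods and the key placeholder are assumptions.

```python
import re

# Constructed sample: excerpt of an IOS access point running-config.
# Assumption: the GUI settings in this article appear as these CLI lines.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius rad_eap
 server 10.203.142.7 auth-port 1645 acct-port 1646
aaa authentication login eap_methods group rad_eap
dot11 ssid dinesh1
   authentication open eap eap_methods
   authentication network-eap eap_methods
   guest-mode
interface Dot11Radio0
 encryption mode wep mandatory
 ssid dinesh1
radius-server host 10.203.142.7 auth-port 1645 acct-port 1646 key 7 PLACEHOLDER
"""

def blocks(config):
    """Map each top-level config line to the indented lines beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue  # skip blank lines and IOS "!" separators
        if line[0].isspace():
            if current is not None:
                out[current].append(line.strip())
        else:
            current = line.strip()
            out.setdefault(current, [])
    return out

def audit(config, ssid, radius_ip):
    """Return the names of the article's settings that are missing."""
    b = blocks(config)
    ssid_lines = b.get(f"dot11 ssid {ssid}", [])
    radio = [l for k, v in b.items()
             if k.startswith("interface Dot11Radio") for l in v]
    host = rf"radius-server host {re.escape(radius_ip)}\b"
    checks = {
        "wep mandatory": "encryption mode wep mandatory" in radio,
        "ssid on radio": f"ssid {ssid}" in radio,
        "open auth with EAP": any(l.startswith("authentication open eap ") for l in ssid_lines),
        "network EAP": any(l.startswith("authentication network-eap ") for l in ssid_lines),
        "radius server": any(re.match(host, k) for k in b),
    }
    return [name for name, ok in checks.items() if not ok]
```

Calling audit(SAMPLE_CONFIG, "dinesh1", "10.203.142.7") returns an empty list when every setting from the steps above is present.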

Now let's look at the laptop (client) side configuration. Here we have the Cisco Aironet utility installed on the laptop.
Open the Cisco Aironet Desktop Utility and click Profile Management. Give the profile a name and add the SSID that you created while configuring the wireless AP, as shown in fig-9.

Fig-9

Now click the Security tab of the profile, select 802.1x, and select LEAP from the drop-down menu, as shown in fig-10. After that, click Configure.

Fig-10

When you click Configure, the window shown in fig-11 appears. Select Manually Prompt for LEAP User Name and Password, and No Network Connection Unless User Is Logged In, as shown below. This configuration is required when you want to use the Cisco ACS username and password.

Fig-11

When you log in to the machine, wireless is disabled by default. Right-click the Cisco Aironet Desktop Utility and click Manual LEAP Login, as shown in fig-12.

Fig-12

Enter the username and password.

Fig-13

Once you log in with the correct credentials, the following window appears.

Fig-14

That's it. You are all set and logged in to the wireless network.

LEAP WITH MAC ADDRESS AUTHENTICATION

To configure LEAP with MAC authentication, selecting only open authentication during SSID creation (Security > SSID Manager) is not going to work. You need to select network authentication with MAC address, as shown in fig-15.

Fig-15

After that, enter the MAC address of the laptop in the wireless AP: go to Security > Advanced Security, enter the MAC address in the format aaaa.vvvv.aaaa, and click Apply.

If you have any suggestions or want to add more to this article, write us an email at articles@knowurtech.com
