cancel
Showing results for 
Search instead for 
Did you mean: 

Steelbelted Radius version 5.4 with RSA SecurID version 6.1 and 802.1x Cisco APs PEAP

DavidTran_
Not applicable

Steelbelted Radius version 5.4 with RSA SecurID version 6.1 and 802.1x Cisco APs PEAP

I am new to Steelbelted Radius and RSA SecurID. I am looking for a guidance. Has anyone has a step-and-step setup guide for this?

Scenario: I have Steelbelted Radius version 5.4 and RSA SecurID Authentication Manager version 6.1 running on the same physical machine Windows 2003 SP2 Server Enterprise Edition. In my environenment I have a VPN concentrator 3030 to use for remote access VPN. I integrated SecurID with Steelbelted Radius for user authentication of remote access VPN. and it is working fine.

Now I need to setup a wireless environment where I have a bunch of Cisco Access Points that I would like to setup 802.1x PEAP configuration with authentication to Steelbelted Radius and SecurID integration on the same machine that also authenticate Remote Access VPN. Here is what I've done so far:

- Install Odyssey CA on the same machine with Steelbelted and RSA SecurID,

- install Odyssey CA Requestor on the same machine with Steelbelted and RSA SecurID,
-Start CA administrator and create a new CA,

-Generate a Server Certificate. Using CA administrator to process the request. After receive the certificate, configure local SBR and save the certificate,

here is my objective:

I would like to configure the Steelbelted radius for PEAP authentication with Cisco APs so that laptop users with wireless capabilities can use PEAP to connect to my network with odyssey client through SecurID credentials WHILE remote access VPN users can still connect to my VPN concentrator with Cisco VPN client using Steelbelted with RSA SecurID credentials.

Is there a white paper out there that can document all this? Please help.

1 REPLY 1
CraigB_
Frequent Contributor

Re: Steelbelted Radius version 5.4 with RSA SecurID version 6.1 and 802.1x Cisco APs PEAP

David, I am not aware of a white paper that discusses this exact scenario. However, you are 3/4 of the way there.

If PEAP is listed in the active authentication methods, you need to make sure it is listed at the top of the auth method list (above the SecurID stuff). Once that is done, you need to go in to the EAP Settings for the SecurID auth method and place a check mark next to "Handle Via Auth-EAP First" Once that is done, you should be ready to do some testing. You need to be sure that you've added your Cisco APs as RADIUS clients and that the Make Or Model is set to Cisco Airspace. This will make the Cisco VSAs availble should you need to use them (optional).

The Administrator Guide for SBR does talk about how to setup EAP-PEAP. Biggest thing is to make sure you have Enable = 1 at the top of the peapauth.aut file in the \Radius\Service directory.

If you need more assistance, then it would be a good idea to call and open a ticket with our JTAC team

Hope that helps

Craig Brauckmiller