Wpa2/peap on 1230

Similar Messages

• Machine authentication on WPA2 PEAP-MSCHAPv2 wireless network

  Is there anyway to setup machine authentication on Leopard or Snow Leopard associating the device to a WPA2 Enterprise wireless network using PEAP with MSCHAPv2

  In Snow Leopard open Network preferences and select the Airport port then click on the Advanced button. Click on the 802.1X tab where you should find what you want.

• Windows XP WPA2 PEAP authentication prompt

  We are using Windows XP clients with WPA2 enterprise PEAP machine and user authentication (using windows supplicant, with the PEAP patch installed). We are using ACS 4.0.1 servers for authentication in a WDS environment.
  The issue is sometimes we will see the laptop request authentication to the network once the user logs in. A yellow dialog box will appear in the lower right hand corner of the screen and request they reenter the username, password and domain. It does not happen often and most of the time this happens if for some reason the WLAN goes away, like a power outage, etc. But it does drive the users crazy and they drive me crazy about it.
  Has anyone experianced this issue and know of why it is doing it and how to make it go away?
  Thanks

  yes, authentication is succesful after that.
  I forgot to mention that the prompt says: "Click here to select a certificate or other credentials for conection to the network (SSID)"
  This may just be a normal function of the Windows XP supplicant I have just been wondering.
  Thanks for the responses.

• Solutions to Connect to WPA2/PEAP/GTC

  Reading the forums I never found a good solution to a problem we are having at my school district.
  We use WPA2 Enterprise with PEAP and GTC to connect. OS X 10.5 can connect just find, but recently we found a MAC with 10.4.11 that just refuses to connect event though I've set up the 802.1X to connect to PEAP properly. I've tried importing the certificate (even though the server doesn't require it be accepted), I made sure it was fully updated, and anything I could think of.
  Anybody know of a solution, or maybe a third party USB Wireless Adapter that works?

  Install a VNC server on your PC from http://www.realnvnc.com
  Open port 5900 on the firewall/router and connect from ARD to the machine

• Android Client working on WPA2 PEAP without certificate loaded

  I am trying to figure out why the andriod phone will work on our Cisco WPA2 Enterprise PEAP wireless when we use a custom internal certificate for authentication with our Cisco 1200 series AP's, ACS 4.x, and AD user group/accounts. 
  The certificate is not loaded on the client, nor from what I learned is very difficult to import for use when trying to install a MS generated certificate
  I did debugs between my regular Domain computer which has the domain certificate, and the Andriod and collected captures; see attachment tabs.
  I do see that the certificate is used somehow and I do see what looks like a ldap lookup.
  See the attached xls sheet with a debug tab for each the PC and the android.
  I stripped out any sensitive account/domain info for viewing.
  I'm not sure if this is a potential security loophole or not and welcome a discussion on this.

  Really?
  Its been a long time since I set this up and tested this and understood all the components. I just read up on it again and it appears your correct that PEAP only requires the server (ACS) side cert and the users credentials are protected during logon within MSCHAPv2.
  If I recall, When I set up our enviroment, we had to install our domain cert on Pocket PC's (warehouse scanners), to get them to work with PEAP as the cert was not from a default trusted publisher. I don't understand why this was an issue then. Any ideas?
  Our AD client computers all get the root cert by default, and all we do is push the wireless setting to the client by GP.
  I was under the impression that we were protected by the client requiring the domain cert, and that pocket PC's, and other rogue wireless devices would not work without them. So how to best control rogue devices without using some NAP system?

• Blackberry Z10/Q10 - WPA2 PEAP MSCHAPv2 RADIUS failure

  Hello,
  we don't get our Z10/Q10 Smartphones to work with our RADIUS infrastructure.
  All other phones (Windows Phones, iPhones, Androids, BB 9800,9810,8900) work without problems.
  We always get an authentification failure. We don't need/have an certification check.
  We also tested all possible options, but it won't work.
  This is very disapointing and frustrating.
  Regards

  Just to let you know, we've found the problem.
  It seems that the Z10 (Q10) have a problem with passwords which have special characters...
  Maybe our security policies are too strong for the self-named high-security systems from Blackberry.
  It's a pitty that it works on all other plattforms (iOS, Android, Windows Phone) but not on the Blackberry Z10,Q10 series.

• EAP-TLS or PEAP authentication failed during SSL handshake error

  I have 2 Windows 2003 ACS 3.2 servers. I am in the process of upgrading them to ACS 4.0. I am using them for WPA2/PEAP wireless authentication in a WDS environment. I recently upgraded one to ACS 4.0 and ever since that time some (not all) of my Windows XP clients have started to not be authenticated and logging the error "EAP-TLS or PEAP authentication failed during SSL handshake" on the ACS 4.0 server. During the upgrade (which was successful) I did change the Certificate since the current one was going to expire November 2007.
  The clients that do not authenticate on the ACS 4.0 server I can point to the ACS 3.2 server and they successfully authenticate there. I am able to resolve the issue by recreating the Windows XP PEAP profile for the wireless network and by getting a new client Cert. But, I have a couple of questions:
  Is the "EAP-TLS or PEAP authentication failed during SSL handshake" error due to the upgrade to ACS 4.0 or to the fact that I changed the Certificate, or both?
  Can this error ("EAP-TLS or PEAP authentication failed during SSL handshake") be resolved without me touching every Windows XP client (we have over 250+)?
  Thanks for the help

  My experience suggests that the problem is the certificate.
  I'm running ACS 3.3.
  I received the same error message when my clients copied the certificate to the wrong location, or otherwise did not correctly follow the provided instructions.
  Correctly following the instructions led to a successful connection and no more error message.

• WPA2-AES with Certifiacte authentication in WLC

  Hello,
  I have currently setup with 1200 series AP's as a Stand alone, the authentication is done via radius  with Certiface Installed in Client Domain Laptops (WPA2 + AES). The certificate is installed on the domain laptops and when I connect wireless it shows up as WPA2 (Peap). As we migrating to WLAN Controller we unable to authenticate the client with WPA2 AES. In controller if we enable PSK ( Preshared key) its works fine. with 802.1x the authentication not happening and I am getting the error as RADIUS is not responding. But we dont have a control with RADIUS which is in Remote Site. Can some one guide me in RADIUS what needs to check, and with IOS AP its works fine.
  Thanks in Advance

  You will need to have access to your RADIUS server to set up your controller to support PEAp, its not as simple as upgrading the aps and adding a controller as the controller will need adding as a client to the RADIUS server as a client and depending on your remote access policies adding into the RAS policy. You will need to liaise with the RADIUS support team

• Does iPhone 4 support Protected EAP (PEAP)???

  I goggled for hours and find nothing, does iPhone 4 OS 4.1 support WPA2/PEAP authentication?
  My office wifi use WPA2 and use a cert to authenticate, I can't seems to find this option anywhere on the phone??

  From what other sites say, such as these:
  http://grok.lsu.edu/Article.aspx?articleId=8198
  http://infotech.wsu.edu/help/wireless/peapiphone.html
  you just connect to the secure wireless and accept the certificate when presented. Nothing special appears to need to be set. But perhaps someone else here will have further information.
  Regards.

• PEAP Network losing setting

  Hi,
  We have a WPA2 / PEAP wireless network that does *not* require a verified server certificate. When setting up the connection profile we have to go into the security settings uncheck that check box before the machine will connect.
  We have a very small number of machines where, if you disconnect from the network and either connect to another network (of a different security type) or reboot, that check box returns to its default, checked, value and the machine
  won't connect to the network.
  I'm at a loss as to what it could be. We have updated the firmware and drivers of the wifi card and run windows updates.
  Win 7 Pro 64 Bit.
  I like saying no. It lowers their enthusiasm.

  Hi,
  Before going further, could you please tell more information regarding what the check box here used for?
  For the wireless network settings, if you settings up a connection, it will be automatically connected(In case you have the connect automatically check box(This one?) checked) if you do not want to connect the others.
  Here are some links for reference:
  Setting up a wireless network
  Wireless networking: frequently asked questions
  Best regards
  Michael Shao
  TechNet Community Support

• Zebra QL420 Printer using PEAP (Verisign Certs)

  Hi,
  Has anybody been able to successfully get a Zebra printer QL420 Plus connected to Cisco LWAPP/CAPWAP APs ?
  We are using WPA2 - PEAP with Verisign Signed Server Certificate.

  Yes I have the QL420 + printers working with 5508 WLC and 3502E CAPWAP APs and PEAP
  Fotis - You will most likely find the reason for the slow ping resonce is down to the setting for "Power Mode". You likely have it set to "best". This setting controls how long the device "sleeps" before it awakens and downloads queued traffic from and AP. Setting it to "off" will put the device in to CAM (Constantly Awake Mode). This means that the device never switches its radio card off and never allows traffic to be queued on an AP. However this will mean that the drain on the devices battery will be much greater, I believe there is a slidding scale of settings for this device that go in order of highest battery drain as follows:
  Best
  1
  2
  3
  4
  off
  Off will give you the best performance with maximum battery drain. play with the settings and see which gives best performance/batery drain balance.
  Regards
  Simon

• Certificate Not Verified for Wifi WPA Enterprise

  Hi all
  I have a MDM server to deploy profile to all enrolled devices (iPhone4s, iPad...etc) for wifi setting (WPA2 PEAP SSID: M_WEP_ENT).
  But I found one issue, if users have ever connected to M_WEP_ENT and accepted Certificate.
  After deploying profile to the users' devices, it shows "Not Verified" in Certificate while these users try to connect the wifi with specified SSID.
  And I also install this profile with iPCU, but there is no this problem, iOS just directly to ask users for input user/password again.
  The following is my profile plist setting, does any idea for this issue ?
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <array>
      <dict>
          <key>AuthenticationMethod</key>
          <string>directory</string>
          <key>AutoJoin</key>
          <false/>
          <key>EAPClientConfiguration</key>
          <dict>
              <key>AcceptEAPTypes</key>
              <array>
                  <integer>25</integer>
                  <integer>21</integer>
              </array>
              <key>EAPFASTProvisionPAC</key>
              <false/>
              <key>EAPFASTProvisionPACAnonymously</key>
              <false/>
              <key>EAPFASTUsePAC</key>
              <false/>
              <key>OneTimePassword</key>
              <true/>
              <key>OneTimeUserPassword</key>
              <true/>
              <key>OuterIdentity</key>
              <string></string>
              <key>SystemModeCredentialsSource</key>
              <string>ActiveDirectory</string>
              <key>TLSAllowTrustException</key>
              <true/>
              <key>TTLSInnerAuthentication</key>
              <string>MSCHAPv2</string>
              <key>UserName</key>
              <string></string>
              <key>UserPassword</key>
              <string></string>
          </dict>
          <key>EncryptionType</key>
          <string>WPA</string>
          <key>HIDDEN_NETWORK</key>
          <false/>
          <key>Interface</key>
          <string>BuiltInWireless</string>
          <key>Password</key>
          <string></string>
          <key>PayloadDescription</key>
          <string></string>
          <key>PayloadDisplayName</key>
          <string>WiFi (M_WPA_ENT)</string>
          <key>PayloadEnabled</key>
          <true/>
          <key>PayloadIdentifier</key>
          <string>com.test.wifi.config</string>
          <key>PayloadOrganization</key>
          <string>test</string>
          <key>PayloadType</key>
          <string>com.apple.wifi.managed</string>
          <key>PayloadUUID</key>
          <string>c20997cf-e696-4d48-b685-c88c3633d4a2</string>
          <key>PayloadVersion</key>
          <integer>1</integer>
          <key>ProxyType</key>
          <string>None</string>
          <key>SSID_STR</key>
          <string>M_WPA_ENT</string>
          <key>SetupModes</key>
          <array>
              <string>System</string>
          </array>
      </dict>
  </array>
  </plist>
  The following is the error log from iPCU console while users to click "Accept" "Not Verified" Certificate:
  Jul 10 11:53:06 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Transaction completed. Status: 200
  Jul 10 11:53:06 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Attempting to perform MDM request: DeviceInformation
  Jul 10 11:53:06 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Command Status: Acknowledged
  Jul 10 11:53:06 Miller-iPhone4s Preferences[5566] <Warning>: -[VPNConnectionStore reloadVPN]: The active VPN configuration has changed from  to (null)
  Jul 10 11:53:06 Miller-iPhone4s Preferences[5566] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0x160200:<VPNBundleController: 0x160200>): _serviceCount(0), serviceCount(0), toggleInRootMenu(0), RootMenuItem(1)
  Jul 10 11:53:07 Miller-iPhone4s eapolclient[5579] <Notice>: en0 START
  Jul 10 11:53:07 Miller-iPhone4s wifid[547] <Error>: WiFi:[363585187.064848]: Processing link event DOWN
  Jul 10 11:53:07 Miller-iPhone4s wifid[547] <Error>: WiFi:[363585187.224358]: Processing link event UP
  Jul 10 11:53:07 Miller-iPhone4s configd[14] <Notice>: LINKLOCAL en0: parent has no IP
  Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
  Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0cbc200, BSSID = 00:21:e9:b8:67:b2, rssi = -61, rate = 54 (100%), channel = 10, encryption = 0x8, ap = 1, failures =   0, age = 0, ssid[13] = "HMDM QA Apple"
  Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
  Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA2_8021X, key = CIPHER_NONE    , 802.1X .
  Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: [177104.488024000]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
  Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0ff4600, BSSID = 1c:aa:07:17:d3:a0, rssi = -63, rate = 54 (100%), channel = 11, encryption = 0xc, ap = 1, failures =   0, age = 11, ssid[ 6] = "M_WPA_ENT"
  Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: AirPort: Link Up on en0
  Jul 10 11:53:07 Miller-iPhone4s kernel[0] <Debug>: en0: BSSID changed to 1c:aa:07:17:d3:a0
  Jul 10 11:53:07 Miller-iPhone4s configd[14] <Notice>: network configuration changed.
  Jul 10 11:53:07 Miller-iPhone4s UserEventAgent[12] <Warning>: DEBUG: Changing WiFi state: 0
  Jul 10 11:53:07 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Network reachability has changed.
  Jul 10 11:53:07 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Network reachability has changed.
  Jul 10 11:53:07 Miller-iPhone4s mdmd[5534] <Notice>: (Note ) MDM: Scheduling poll of MDM server.
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Warning>: -[WiFiManager(Private) _enterpriseAssociationResult:withInfo:]: User Information required
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Warning>: -[<CALayer: 0xd5ecaf0> display]: Ignoring bogus layer size (320.000000, 34359738368.000000)
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSaveGState: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetPatternPhase: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextGetCompositeOperation: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextFillRects: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetPatternPhase: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextGetCompositeOperation: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextFillRects: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextRestoreGState: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSaveGState: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextAddPath: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: clip: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextGetCompositeOperation: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextFillRects: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetCompositeOperation: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextRestoreGState: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSaveGState: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineWidth: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineJoin: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineCap: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetMiterLimit: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFlatness: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextAddPath: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextDrawPath: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextRestoreGState: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFillColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetStrokeColorWithColor: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSaveGState: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineWidth: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineJoin: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetLineCap: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetMiterLimit: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextSetFlatness: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextAddPath: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextDrawPath: invalid context 0x0
  Jul 10 11:53:07 Miller-iPhone4s Preferences[5566] <Error>: CGContextRestoreGState: invalid context 0x0
  Jul 10 11:53:08 Miller-iPhone4s kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2949 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1

  this TOTALLY fixed the problem for me
  (which started i believe when i deleted the cache, cookies and security settings stuff in camino, sometimes apparently the certificates don't like, preserve themselves or something...):
  http://support.rhombic.net/knowledge-base/articles/no-root-certificate-with-mail -app
  follow the download links...
  and also
  https://knowledge.verisign.com/support/ssl-certificates-support/index?page=conte nt&id=SO4785&actp=LIST
  (follow the first instruction under the resolution heading)
  I don't know actually if this last link above is helpful but i did it anyways. If you find out, let me know!
  once these have been downloaded to your desktop, double-clicking them automatically opens keychain. Be sure to put them into your X509 Anchors...
  It hasn't resolved everything, but the major websites, its made EVERYTHING a lot easier. and no, i don't want to Archive and Install.

• Replace Radius Certificate, best way?

  Hi
  We currently have a deployment of a WCS, two WiSMs, some 80 APs and around 1000 Clients. They authenticate with WPA2-PEAP against two Cisco ACS Servers. The ACS have valid server certificates. The Clients use all available operating systems on the market.
  I need now to replace the ACS servers with new Windows Radius servers. The new Radius servers also use new certificates from a different reseller. My tests with a test SSID have shown that I need to delete and recreate the connection profile in Windows 7, to be able to connect after the Radius change.
  Any good way on how to achieve the exchange, without making to much work on the client side?
  The clients are all private machines (education), so we can't really deploy anything on them.
  Thanks,
  pato

  The servers have new hostnames, so the Certs would be probably not anymore valid.
  If you add the Wlan to Windows7 by selecting it and click connect, it will automatically put the Validate Option on.
  I guess I won't come around to inform the users to delete and recreate the connection.

• Automatic provision of WLAN profiles to cliets through ISE

  Hi All,
  Our customer was using L3 web auth for corporate users . LDAP was integrated directly with WLC for authentication . Now they want to use L2 web authentication WPA2/PEAP for corporate users . As per my understanding for using L2 auth , we need to create the appropriate SSID profile in end user laptops in order to associate with the SSID . Wheras L3 web auth , dont require that . Simply connect -> then open browser -> redirect to captive portal -> authentication. Customer was habituated with that.
  Hence they dont want to manually create the SSID profiles in laptops . They hav got base ISE licnese(only for AAA). So is there any option to provide the WLAN profiles to customer laptops and mobile devices with the help of ISE .
  Thanks,
  Vijay

  Hi Scott ,
  This way users can click on the SSID and use their AD credentials to  connect. Once they connect, the device will creat a profile and store it  on the device.
  So you mean to say , no need of creating the profile manually in laptop ? We have broadcasted test SSID with WPA2/AES . When we connect to the SSID with win 7 laptops its not asking for AD credentials . Simply it gives errror not able to connect. But when we manually configured the SSID in laptop and connect , it asks for credentials and succeed.
  For latest mobiles , when we connect to the test SSID. it asks the credentials directly and succeed. The issue is for laptops only , that we need to create the SSID prfile manualy in laptops.

• IPad wont get IP address from DHCP Server

  I have an enterprise WPA2 PEAP MSCHAPv2 wireless network. It allows access via 802.1x authentication using Radius (MS IAS Server) with certificates. I can join the network, enter credentials (that I can see work) and get the certificate. The problem is that I don't get an IP address. I get a 169. APIPA address. I tried to use a static IP address and that doesn't work either. I have connected various laptops, iPhones even a Dell Streak to this wireless network without issue. My iPad won't get an IP at all. There are plenty of addresses in the pool.
  The setup is a 3COM WX3008 wireless LAN controller and 9552 access points.
  Any ideas? I went through the articles on wireless settings and none of them help at all. I guess my next step is to wipe the iPad.
  Like I said... EVERYTHING else works, every other device we try is surfing just not the iPad.

  I see what you are trying to say but in this case its just not true. There is a problem with the iPad. Moving away from the most secure wireless technology or changing my "router" isn't a reasonable solution. We are using a current production model enterprise wireless LAN controller with lightweight access points. Its running its latest code. Its not the Free After Rebate model from the local B&M.
  Again, when everything BUT the iPad works (iPod/iPhone/laptops of varying OS & vendor are all good) its not the routers fault. While downgrading my network may work it is not a reasonable solution to a problem with only the iPad.
  Of course I don't like hearing it. I am here to hopefully find someone else with the same issue or get some tips that lead to a solution so the next google searcher will land on a solution.