How to do 802.1x with 3550 switch and Windows IAS

[netchaser]

I want to setup a basic 802.1x with a switch and Windows IAS (tab to an AD). I want to do basic user authentication (where users enter his/her AD account to login). I want to use the Windows 802.1x client as the supplicant.

Does anyone have a simple "cut and paste" configuration that I can see to get a head start? I've searched through numerous websites and non of that really worked. I can get the switch to authentiate with IAS for user login (enable access) but when I put a client to a protected port it kept saying authentication failed. Strange thing is on the IAS side I don't see any logged attempts from the switch at all.

Thanks,
Thomson.

 

[brianinms]

http://blog.scottlowe.org/2006/12/07/8021x-integration-with-active-directory/

 

[netchaser]

I tried using MD5-CHAP but it requires the user account on AD to be able to use reverse encryption + needs the user to change/reset password.

Is there an EAP mentod thaT i can use to avoid this? Does MSCHAP-PEAP-V2 requires this?

 

[brianinms]

That I can't tell you as I have never configured dot1x to IAS, I always use NAC Framework and hence a Cisco ACS server.

 

[netchaser]

What exactly does it mean when it said that PEAP MSCHAP v2 requires a Certificate on the IAS/Server end?

Does it mean it has to have a certificate on the IAS server itself or does it point to something?

 

[brianinms]

http://alextch.members.winisp.net/8...nal network with 802.1x and Microsoft PKI.htm