WPA2-Enterprise with Active Directory and PEAP-EAP-MSCHAPv2

In this video we configure an SSID called ISE-Radius to authenticate using Cisco ISE. This configuration will use Active Directory as the backend identity store. We will then test using a windows 10 machine that is joined to active directory.

Advertisements

3 thoughts on “WPA2-Enterprise with Active Directory and PEAP-EAP-MSCHAPv2

  1. Pingback: Cisco ISE & Meraki How-To Videos – Wirelessly WIRED

  2. HI Alex,
    hope you are doing well. Thank you so much for Vbog. I really appreciate all ISE and Meraki video. I have similar set up as per your video. ISE 2.3.0, Meraki AP Windows and MAC client for testing.

    I am following all the video step by step and creating similar lab as yours. My final goal is to cert base authentication for Wireless device.
    So far I completed
    Wireless SSID with the internal user on ISE and WPA2-Enterprise with AD and PEAP-EAP- MSCHAPv2

    both scenarios worked perfectly for me on my apple devices (including AD integration )

    but If I use or try the same scenario on any windows machine. it not working at all. it not hitting any policy.
    window laptop is not able to connect at all. but all apple device works.

    any suggestion or any help ?

    Like

    • I would imagine you are probably running into certificate trust issues on the windows machines. For testing you can do a couple things. 1st thing you can do is download ISE’s self signed certificate and install it as a trusted root CA. You can also pre-build the SSID and uncheck the certificate validation in the profile. This is not a good idea for production but can be useful for testing.

      Like

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s