Question: What does the EAP-PEAP client configuration for dot1x users look like on Windows XP laptops?
Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
(The following screen shots are from a Windows client PC. However, the settings are common on all client workstations.)
Most Windows users use the built-in utility, so this article assumes that you will be using the Windows Zero Configuration Utility.
To configure the wireless client, select the Wireless Zero Configuration Utility from the Properties menu of the wireless card.
On the Wireless Networks tab, click Add.
On the Association tab, enter the SSID and choose WPA for the authentication and TKIP for the encryption.
On the Authentication tab, choose Protected EAP and leave the "Authenticate as computer when computer information is available" option checked.
Click Properties. Uncheck "Validate server certificate" and choose "Secured password (EAP-MSCHAP v2)" for the Authentication Method.
Click Configure and uncheck the only option.
Click OK to save the configuration.
Security warning: Unchecking the “Validate server certificate” in EAP-MSCHAPv2 environments introduces significant security threats as the MSCHAPv2 authentication can no longer be considered secure. Only if certificate validation is configured correctly, EAP-MSCHAPv2 should be considered in production environments. Do not turn off this validation option in production networks.