Apple Airport Base Station and CISCO LEAP


abaldi
03-11-2003, 06:57 AM
We recently introduced CISCO LEAP authentication, via Radius ACS servers. LEAP is fully supported by the CISCO Access Point 350, 1100 and 1200.

I was looking into the possibility of integrating existing Apple Airport Base Stations, but my experience is negative.

Looking at the configuration of the Airport via the Admin Utility, there is one configuration panel dedicated to authentication. This allows specifying a RADIUS server as the authentication server.
By configuring the Airport base station to point to our CISCO ACS Radius server, the authentication requests are forwarded to the Radius server, but the authentication does not work.
This is visible by looking at the CISCO ACS log, which clearly reports a Bad request from NAS.

Does anybody know if this is possible?

Many thanks

Andrea Baldi
ESA ESRIN

oshea85
03-12-2003, 09:35 PM
Hmmm...I'm pretty good with the ACS and LEAP...

"Bad request from NAS" usually means that the 'shared secret key' on the ACS and AP do not match.

Check the AP's configuration in 'system configuration' in the ACS. Verify the shared secret, then re-enter it into the AP to be sure.

ACS default radius ports are 1812 and 1813. Verify what the Airport is using.

AHHH! Check this: You've got to check the draft versions of 802.1x that the Cisco/Apple client software is using, and match that with the version implemented on the Airports. If the versions (latest is draft 11, functionally equivalent to draft 10) don't match, you won't be able to do any type of 802.1x authentication. Cisco has a table in the release notes of the software version of the APs and clients that will tell you the 1x draft version they run; then check Apple docs.
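
Added example, not part of the thread and not Cisco ACS code: one way a RADIUS server can detect the shared-secret mismatch discussed above on an EAP-bearing Access-Request. Per RFC 3579 the NAS includes a Message-Authenticator attribute, an HMAC-MD5 over the packet keyed with the shared secret, so a packet built with one secret fails verification under another. The packet contents, user name and both secrets are constructed sample values.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579, section 3.2)


def build_access_request(secret: bytes, ident: int, req_auth: bytes, attrs: bytes) -> bytes:
    """Build an Access-Request whose Message-Authenticator is keyed with `secret`."""
    placeholder = bytes([MSG_AUTH, 18]) + bytes(16)  # value zeroed while hashing
    length = 20 + len(attrs) + len(placeholder)
    pkt = struct.pack("!BBH", 1, ident, length) + req_auth + attrs + placeholder
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac


def check_message_authenticator(packet: bytes, secret: bytes) -> bool:
    """Return True if the packet's Message-Authenticator verifies under `secret`."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == MSG_AUTH:
            if alen != 18:
                raise ValueError("Message-Authenticator must be 18 bytes")
            received = packet[pos + 2:pos + 18]
            # Recompute over the packet with the attribute value set to zero.
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += alen
    raise ValueError("no Message-Authenticator attribute present")


# Constructed sample: User-Name plus an EAP-Response/Identity inside EAP-Message.
EAP = bytes([2, 1, 0, 10, 1]) + b"alice"
ATTRS = bytes([1, 7]) + b"alice" + bytes([79, 2 + len(EAP)]) + EAP
SAMPLE = build_access_request(b"ap-side-secret", 7, bytes(range(16)), ATTRS)

if __name__ == "__main__":
    for candidate in (b"ap-side-secret", b"server-side-secret"):
        print(candidate, check_message_authenticator(SAMPLE, candidate))
```

Running the same check against a packet captured between the access point and the RADIUS server, with the secret configured on the server, separates a secret mismatch from the port and 802.1x draft-version causes listed in the reply above.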

JonoFasto
03-24-2005, 10:35 AM
I have a similar issue! I am currently using ACS to authenticate my RF LAN. The network consists of Cisco 1200 APs, 1100 series set to workgroup bridges and 350 series for PCMCIA. These two devices are using LEAP. I also have a PEAP device for serial connectivity. This is all working fine! I am trying to introduce a 3Com 11a/b/g workgroup bridge to do the job of the Cisco 1100. The 3Com will not authenticate and I get the message "Bad request from NAS" in my ACS log. The 3Com is configured the same as the 1100 series, but it requires PEAP instead of LEAP. As mentioned before, I already have PEAP devices working, therefore certificates etc. are already in place. Any thoughts?