Cisco Aironet validating identity

20-Jul-2016 17:20

We will configure the server so that it supports PEAP using MS-CHAPv2 for password authentication, but we’ll also look at EAP-TLS, which can be used to authenticate clients using certificates that we will generate on the server.

In this tutorial we will configure the following components on the server. Active Directory (AD) is where we store all the user accounts; it’s the central database that we use for authentication.

You can specify if you want this server to be a new Root CA or if you want it to be a Subordinate CA. The default CA name is also fine; it will use the computer name and domain name for this. The default validity period for the root CA certificate is 5 years. You can read the introduction if you like or click on Next to continue.

The default role services are fine; click Next to continue.

EAP-TLS is the most secure form of wireless authentication because it replaces the client username/password with a client certificate.


Certificate services will be used to install the server as a root CA so that we can generate a computer certificate that will be presented to wireless clients and to generate the client certificates for EAP-TLS.

IIS is the web server and we will use it so that EAP-TLS clients can easily request a certificate with their web browser for their wireless connection.

Last but not least, NPS is the RADIUS server and that’s where we will configure some wireless policies. You will see the following screen that indicates the installation progress. Once the installation is done you might receive a warning about Windows automatic updating. We will have to select the Forest Functional Level.

The certificate server can be part of the domain and use Active Directory or run as stand-alone.

We want it to use Active Directory, so select Enterprise and click on Next. The default cryptography parameters are fine; click Next to continue. If you selected the web enrollment option you will see the installation wizard for IIS.

When PEAP wireless clients try to connect to the network, the RADIUS server will present a computer certificate to the user to authenticate itself.