I have just read the above doco from Cisco and it is very good indeed.
I do have a couple of questions though.
Question 1. In the section Create the Necessary Configuration for WPA2/WPA
they set up the WLAN for WPA/WPA2, which is what we want to do.
In the section CLIENT Configuration for EAP-TLS using Windows Zero Touch
they use the network authentication as OPEN and data encryption as WEP?
Is there a reason for this?
Question 2. (think I may have asked this before) They don't actually mention when the certificates are exchanged between the ACS server and the client (is there one or two certificates, one for computer and one for user?). It says "EAP-TLS authentication requires computer and user certificates on the wireless client", so does a certificate exchange between the client workstation and ACS server happen twice?
If twice, is the first one pre-winlogon and the second one during winlogon?
Many thx guys,