I am trying to install a wireless security environment in a customer network. All Cisco devices, WLC and APs are working correctly with guest users, Web Auth.
I would like to install computer certificates for employees. I have installed a root CA on a Windows Server 2003 Enterprise and IAS on another Windows Server 2003 in the domain. I configured WPA2+802.1X in the WLC and WPA2+PEAP with MSCHAPv2 on the employee computer, and installed a computer certificate on it. The problem is that I am able to authenticate inside the employee network environment straight away, with or without the certificate.
Does anyone know if I need to use something else to stop the domain users without the computer certificate and validate computers with it?
Thank you very much in advance,
Hi Oscar,
As I understand it, your requirement is to allow only specific users that have a client-side certificate to access the network, right?
So if that is the case, you have to use EAP-TLS, and you have to provide a client-side certificate to all users.
For this:
Client/Laptop: select WPA2+AES, with EAP-TLS
SSID on Controller: WPA2+AES with 802.1x
RADIUS: should support EAP-TLS, and you need to install proper certs there
Hope this helps
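
A way to check which EAP method a client was actually accepted with after making the change described in this thread, as an added example that is not part of either post. It assumes the EAP packets of one session have already been extracted from a capture; the sample sessions, identities and function names are constructed for illustration.

```python
import struct

# EAP Type numbers from the IANA EAP registry (RFC 3748 and method RFCs).
IDENTITY, NAK, EAP_TLS, PEAP = 1, 3, 13, 25
NAMES = {EAP_TLS: "EAP-TLS", PEAP: "PEAP"}
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4

def build_eap(code, ident, eap_type=None, data=b""):
    """Build a constructed sample EAP packet: Code, Identifier, Length, [Type, Data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(packet):
    """Return (code, eap_type); eap_type is None for Success/Failure."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length field does not match packet")
    has_type = code in (REQUEST, RESPONSE) and length >= 5
    return code, (packet[4] if has_type else None)

def audit_session(packets):
    """Return (outer_method, accepted, compliant) for one supplicant's EAP exchange."""
    method, accepted = None, False
    for raw in packets:
        code, eap_type = parse_eap(raw)
        if code == RESPONSE and eap_type not in (None, IDENTITY, NAK):
            method = eap_type  # last method the client actually answered with
        elif code == SUCCESS:
            accepted = True
    name = NAMES.get(method, "none" if method is None else "type %d" % method)
    # Non-compliant only when the server accepted a client that did not use EAP-TLS.
    return name, accepted, not (accepted and method != EAP_TLS)

# Constructed sample sessions (not captured traffic).
PEAP_SESSION = [  # PEAP offered and accepted: no client certificate was required
    build_eap(REQUEST, 1, IDENTITY), build_eap(RESPONSE, 1, IDENTITY, b"DOMAIN\\user"),
    build_eap(REQUEST, 2, PEAP, b"\x20"), build_eap(RESPONSE, 2, PEAP, b"\x00"),
    build_eap(SUCCESS, 3)]
TLS_SESSION = [  # EAP-TLS offered and completed
    build_eap(REQUEST, 1, IDENTITY), build_eap(RESPONSE, 1, IDENTITY, b"host/pc01"),
    build_eap(REQUEST, 2, EAP_TLS, b"\x20"), build_eap(RESPONSE, 2, EAP_TLS, b"\x00"),
    build_eap(SUCCESS, 3)]
REJECTED_SESSION = [  # client Naks EAP-TLS asking for PEAP, server refuses
    build_eap(REQUEST, 1, IDENTITY), build_eap(RESPONSE, 1, IDENTITY, b"DOMAIN\\user"),
    build_eap(REQUEST, 2, EAP_TLS, b"\x20"), build_eap(RESPONSE, 2, NAK, bytes([PEAP])),
    build_eap(FAILURE, 2)]

if __name__ == "__main__":
    for session in (PEAP_SESSION, TLS_SESSION, REJECTED_SESSION):
        print(audit_session(session))
```

Only the outer EAP type is visible in the clear; with PEAP the inner MSCHAPv2 exchange runs inside the TLS tunnel, so every client response in such a session carries type 25.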