Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco Aironet APs: Client-Authentication with Certificates? - Best Practices?



We currently are happily using like 8 aironet AP's (1242ag & 1200 models) for providing a guest-WLAN for our company Headquarter.

They all run in standalone mode (root APs).


Now we are thinking about providing a second SSID that points to another VLAN, which is our company's internal LAN.

First thought was to make it authenticate against Active Directory per MS NPS. But that would have the disadvantage that usernames could also be used on the worker's private notebooks to gain access, which we don't like.

So we decided to use certificate authentication, and each notebook gets a certificate, which can also be revoked and so on.


What's the best way to implement that?

There's plenty of infos on the net, but none of it fits 100% to our needs.

Microsoft NPS can authenticate with certificates. - Can aironet APs be configured to authenticate Clients against NPS with certificates. This info i could not find anywhere.


What would be the best way to do this?

Do we need to purchase a Cisco wireless LAN controller?  And set up LWAPP?  This would be maybe overkill in my opinion, considering our general network size.  But if this is the only possiblity we might do so.


Thanks in advance!

Regards, ND.


  • Security and Network Management