I am trying to set up a mixed vendor NIC wireless environment and have opted to use EAP-TLS. I am, however, having some problems getting it to work. I am using AP1100, Aironet 350 PCMCIA cards, Microsoft CA, and ACS3.1. I have successfully set up the client and ACS side certificates and followed the instructions in the EAP-TLS Deployment Guide for Wireless networks, which I downloaded off CCO. When I run a "debug radius" on the access point I don't see any debug info. When I reconfigure everything for LEAP I can then see the AP RADIUS debugs. Does anyone have any tips or recommendations? I have upgraded XP to Service Pack 1. If you could perhaps direct me to a more comprehensive installation document I would also appreciate it.
These debugs are for an AP350; I am using an AP1100.
I have subsequently managed to get EAP-TLS working on XP.
The problem I am encountering now is that when I log onto the machine locally everything works fine. When I authenticate to the domain I keep getting a "domain unavailable" error message.
I think the reason for this is that the wireless network is not authenticated and up and running when you enter your authentication details on XP to log on to the domain. The XP machine sees it as having no network connection and returns the domain unavailable message.
Does anyone have any ideas with regard to this problem?
Are you using Cisco Secure ACS for RADIUS authentication? If so, try enabling debugging on the RADIUS server and see if you are getting authentication failures. If so, I would probably try reinstalling the server and client side certificates, and running the debug again to see if the client authenticates.
I know the CN= field of the certificate on the client must correspond to the username being used to log onto the machine; you could possibly check that out as well.