https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894986#M10683 <HTML><HEAD></HEAD><BODY><P>Under EAP-TLS, does the wireless login process involved user authentication beside client certificate?&nbsp; One of the primary trigger for us to look into this option is to get a two-factor authentication setup for the wireless network.</P><P></P><P>Thanks.</P></BODY></HTML> Wed, 07 Mar 2012 00:14:58 GMT raymng 2012-03-07T00:14:58Z https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894984#M10681 <P>Currently we have WLC 4402 and wide range of AP. We use WAP2 with EAP-PEAP-MSCHAP for the WLAN security setup.&nbsp; We use MS IAS as radius server.</P><P></P><P>Recently, we want to find a way to control what type of wireless devices that can join to our WLAN.&nbsp; One idea is deploying client certificate and use EAP-TLS for authentication.&nbsp; Does this sound a reasonable approach?&nbsp; Or there is a better way to achieve the objective than using EAP-TLS?&nbsp; I have not done EAP-TLS before and I am not sure if I am opening up a big "can of worm" in this direction.</P><P></P><P>Furthermore, does EAP-TLS only works with WEP encryption?&nbsp; Is TKIP or AES not supported?</P><P></P><P>Thanks.</P><P></P><P>p.s.</P><P>if there are any good documents around EAP-TLS with wireless deployment, please let me know. thx.</P> Sun, 04 Jul 2021 04:43:50 GMT https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894984#M10681 raymng 2021-07-04T04:43:50Z https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894985#M10682 <HTML><HEAD></HEAD><BODY><P>Well the WLC configuration is the same... No change. It's on the IAS you would specify EAP-TLS. It is a good option as long as all your devices support EAP-TLS.</P><P></P><P>Thanks,</P><P></P><P>Scott Fella</P><P></P><P>Sent from my iPhone</P></BODY></HTML> Tue, 06 Mar 2012 01:52:05 GMT https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894985#M10682 Scott Fella 2012-03-06T01:52:05Z https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894986#M10683 <HTML><HEAD></HEAD><BODY><P>Under EAP-TLS, does the wireless login process involved user authentication beside client certificate?&nbsp; One of the primary trigger for us to look into this option is to get a two-factor authentication setup for the wireless network.</P><P></P><P>Thanks.</P></BODY></HTML> Wed, 07 Mar 2012 00:14:58 GMT https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894986#M10683 raymng 2012-03-07T00:14:58Z https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894987#M10684 <HTML><HEAD></HEAD><BODY><P>No, there is no password transmitted during EAP-TLS authentication.&nbsp; EAP-TLS relies upon the authenticating client having a valid certificate with a name that matches an account on the authentication server.&nbsp; </P><P></P><P>If you require two-factor authentication you will need to use a RADIUS server that supports it or can proxy to something that does.</P></BODY></HTML> Sat, 10 Mar 2012 00:25:40 GMT https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894987#M10684 8jwilliams 2012-03-10T00:25:40Z https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894988#M10685 <HTML><HEAD></HEAD><BODY><P>A PKI is a large undertaking for larger enterprises. Not something you just throw up over night. I would read up and test before committing to EAP-TLS.</P></BODY></HTML> Sun, 11 Mar 2012 17:10:08 GMT https://community.cisco.com/t5/wireless/wlan-using-eap-tls/m-p/1894988#M10685 George Stefanick 2012-03-11T17:10:08Z