Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2092
Views
6
Helpful
4
Replies

WLAN using EAP-TLS

Go to solution
raymng
Level 1
Level 1

‎03-05-2012 05:49 PM - edited ‎07-03-2021 09:43 PM

Currently we have WLC 4402 and wide range of AP. We use WAP2 with EAP-PEAP-MSCHAP for the WLAN security setup.  We use MS IAS as radius server.

Recently, we want to find a way to control what type of wireless devices that can join to our WLAN.  One idea is deploying client certificate and use EAP-TLS for authentication.  Does this sound a reasonable approach?  Or there is a better way to achieve the objective than using EAP-TLS?  I have not done EAP-TLS before and I am not sure if I am opening up a big "can of worm" in this direction.

Furthermore, does EAP-TLS only works with WEP encryption?  Is TKIP or AES not supported?

Thanks.

p.s.

if there are any good documents around EAP-TLS with wireless deployment, please let me know. thx.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-05-2012 05:52 PM

Well the WLC configuration is the same... No change. It's on the IAS you would specify EAP-TLS. It is a good option as long as all your devices support EAP-TLS.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-05-2012 05:52 PM

Well the WLC configuration is the same... No change. It's on the IAS you would specify EAP-TLS. It is a good option as long as all your devices support EAP-TLS.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
raymng
Level 1
Level 1
In response to Scott Fella

‎03-06-2012 04:14 PM

Under EAP-TLS, does the wireless login process involved user authentication beside client certificate?  One of the primary trigger for us to look into this option is to get a two-factor authentication setup for the wireless network.

Thanks.

0 Helpful

Go to solution
8jwilliams
Level 1
Level 1
In response to raymng

‎03-09-2012 04:25 PM

No, there is no password transmitted during EAP-TLS authentication.  EAP-TLS relies upon the authenticating client having a valid certificate with a name that matches an account on the authentication server. 

If you require two-factor authentication you will need to use a RADIUS server that supports it or can proxy to something that does.

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎03-11-2012 10:10 AM

A PKI is a large undertaking for larger enterprises. Not something you just throw up over night. I would read up and test before committing to EAP-TLS.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card