Cisco WLC: EAP-TLS Secured Wireless with Certificate Services
KB ID 0001420 Problem Ah certificates! If I had a pound for every time I’ve heard “I don’t like certificates”, I could retire! The following run through is broken down into the following parts; Setup the Cisco WLC (WLAN) Setup NAP (RADIUS). Setup Certificate Auto Enrolment. Setup Group Policy to Deliver the Wireless Settings. Note: If you are scared of certificates, sometimes it’s easier to setup password...
Windows ‘Always On’ VPN Part 2 (NPS, RAS, and Clients)
KB ID 0001403 Problem Back in Part One, we setup the AD (Groups,) and the Certificate services that will knit everything together. Now we need to configure an NPS server that acts as a RADIUS server for our remote clients, And a RAS Server that our remote clients will connect to. Step1: Network Setup Microsoft have an alarming habit of telling you to connect DMZ assets to the LAN. In their defence I’ve seen some documentation...
HP MSM Controller – Using RADIUS With Windows Server
KB ID 0000922 Problem I’m very disappointed with HP, theres next to no information on how to do this. My plan was to secure wireless access with certificates, so only clients with a valid digital certificate could authenticate and connect to the wireless. After spending nearly a whole day on the phone to various technical support departments at HP, this remained an impossible requirement! In the end, as the client only had a...
Cisco ISE – Basic 802.1x With Windows Part Two – Configuring 802.1x Policies
KB ID 0001075 D Problem Back in Part One, we joined Cisco ISE to Active Directory, now we we will take the built in ISE policies and change them. This will allow our clients to authenticate, with the correct protocols. Solution 1. By default ISE will use pretty much any available protocol, we are going to use PEAP, although I’m also going to allow EAP-TLS (it’s more secure and if I start rolling out certificates I’ve...
Cisco ISE – Basic 802.1x With WindowsPart Four – Configuring The Windows Clients (Supplicants)
KB ID 0001083 Problem Back in Part Three we setup the switches ready to plug in our clients. I’m going to configure the Windows clients by Group Policy. But I suggest you carry out tests using single Windows clients and LOCAL policy until you know you have everything setup correctly. WARNING: Rolling this out without adequate testing, can resolve in all your Windows clients falling off the network Solution 1. On a DC or a...