Certificate Help? - Setting up Cisco Aironet 1130AG for WPA using MS Server 2008 NPS RADIUS Authentication
Posted on 2010-04-06
I'm trying to set up a Cisco Aironet 1130AG wireless access point to use WPA - we have been using WEP but are undergoing an IT audit and WPA is a necessity. In order to use WPA, the Aironet must point to a RADIUS server for authentication. I have a MS Server 2008 Domain Controller that has the NPS role installed on it, and I want to use domain credentials for authentication to the AP.
I do have some experience using RADIUS authentication - we have a Cisco ASA that uses IAS in Server 2003 to authenticate SSL VPN traffic, which I had no problem setting up. However, I don't have much experience with wifi or NPS in Server 2008, and it's different enough from IAS that I'm having trouble.
When I set this up according to some documentation I have found, and then try to connect to the AP, I don't even get prompted for credentials - just get the message that it can't connect to the network. Digging into the error messages on the laptop I'm trying to connect with yields the following statement:
Result of diagnosis: Problem found
Issue referred to: EAP Helper Class
Root cause (EAP):
A certificate could not be found that can be used with this Extensible Authentication Protocol.
Detailed root cause:
Based on this and some internet research, it appears that I will need a server certificate (on the RADIUS server?) and client certificates on each client that wants to connect to the AP. To be honest, I'm not sure where to begin with that.
Would anyone be kind enough to provide some step-by-step instructions on how to set up a certificate to do this, and specifically how I should set up the Network Policy on the 2008 RADIUS server? I have searched the internet and found much information, but none specifically addressing how to do this with the Aironet. I have a pretty good understanding of the Aironet, but if there are any special steps that need to be done there, that would be appreciated.