EAP-TLS with Cisco ACS 5.2

Posted on 2011-04-27
Medium Priority
Last Modified: 2012-05-11
We are attempting to get EAP-TLS authentication working for wireless devices on our network.  We have the following infrastructure in place.

Cisco 1252AG Lightweight APs
Cisco 4402 Wireless LAN Controller
Cisco Secure ACS 5.2
Windows 2003 level Active Directory

We are trying to keep all our servers running Windows 2008 R2.  We are trying to support Win XP, Win 7, iOS, and Android wireless clients.  Our goal is to use AD Username and Password along with a certificate installed on the clients.  This would give us the ability to revoke a certificate if a laptop, tablet, phone, etc. is lost or stolen.  It also protects us against users not protecting their passwords properly.

We DO NOT have Domain Admins or Enterprise Admins permission for Active Directory as we are a subsidiary company and our parent has control of AD.  We have been told the only way to do this was to use NPS on one of our Win 2008 R2 servers, but we do not have sufficient permissions to set this up.  Our parent company is still over a year away from being able to provide this for us, but we need to move forward with our projects now.  Do we really need NPS to process the policies for wireless logins, or can we use the policy enforcement built into ACS?  Is there another way we could pull this off without increasing administrative burden after implementation too much and still be able to disable a lost or stolen portable device?

Question by: blyons2

Accepted Solution

Craig Beck earned 2000 total points
ID: 35482000
Without Domain Admin rights you will still require the parent company to configure most of this.  You could use the ACS instead of NPS but you will still need to perform some administrative tasks on the AD.

Expert Comment

ID: 35937218
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
