EAP-TLS with Cisco ACS 5.2

Posted on 2011-04-27
Last Modified: 2012-05-11
We are attempting to get EAP-TLS authentication working for wireless devices on our network.  We have the following infrastructure in place.

Cisco 1252AG Lightweight APs
Cisco 4402 Wireless LAN Controller
Cisco Secure ACS 5.2
Windows 2003 level Active Directory

We are trying to keep all our servers running Windows 2008 R2.  We are trying to support Win XP, Win 7, iOS, and Android wireless clients.  Our goal is to use AD Username and Password along with a certificate installed on the clients.  This would give us the ability to revoke a certificate if a laptop, tablet, phone, etc. is lost or stolen.  It also protects us against users not protecting their passwords properly.

We DO NOT have Domain Admins or Enterprise Admins permission for Active Directory as we are a subsidiary company and our parent has control of AD.  We have been told the only way to do this was to use NPS on one of our Win 2008 R2 servers, but we do not have sufficient permissions to set this up.  Our parent company is still over a year away from being able to provide this for us, but we need to move forward with our projects now.  Do we really need NPS to process the policies for wireless logins, or can we use the policy enforcement built into ACS?  Is there another way we could pull this off without increasing administrative burden after implementation too much and still be able to disable a lost or stolen portable device?

Question by: blyons2

    Accepted Solution

    Without Domain Admin rights you will still require the parent company to configure most of this.  You could use the ACS instead of NPS but you will still need to perform some administrative tasks on the AD.

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
