Monthly Archives: December 2015

Install Certification Authority on Server 2012 R2

Microsoft’s Certification Authority is built on Public Key Infrastructure. The CA is responsible for attesting to the identity of users, computers and organizations. The CA authenticates an entity and vouches for an identity by issuing a digital certificate which is signed by the CA. The CA also manages the revocation and renewal of certificates. Certificates…

Configure RADIUS Authentication on Server 2012 R2 for Cisco Devices

In this step-by-step guide we will set up NPS as a RADIUS server to authenticate users for our Cisco 3560X switch. This process will work on most Cisco switches and routers. In this example we will be using two AD security groups to define level 15 and level 1 user access. This is a good practice, for…

Install Network Policy Server (NPS) on Server 2012 R2

NPS (Network Policy Server) is also known as RADIUS. NPS allows you to create and configure network access policies for client health, connection request authentication, and connection request authorization. NPS can also be used to set up a RADIUS proxy, which is used to forward remote access connection requests to another RADIUS server that can authorize or…

Cisco Wireless – Central Authentication using EAP-FAST with vWLC as the AAA Server

EAP-FAST – Flexible Authentication via Secure Tunnelling is a proprietary 802.11X authentication method from Cisco. FAST does not require certificates. The protocol creates a tunnel between the user and the AAA server and uses PAC – Protected Access Credentials as part of the algorithm. Clients must support this in order to be compatible. Not all clients will…

Cisco Wireless – Setting up FlexConnect aka “H-REAP” with Local Switching of Multiple VLANs

FlexConnect, previously known as H-REAP – “Hybrid Remote Edge Access Point”, is usually set up for branch sites which are connected via a WAN link. FlexConnect access points have the ability to perform local switching and authentication, which means they can make layer 2 forwarding decisions without having to send them up to the WLC…