@r.ertel wrote:
Hey All,
I am setting up a new profile using 802.1x with Window NPS. I have a couple of questions. I have users 50/50 split of windows and mac's and am planning on using eap-peap eap-mschapv2 for eap method to NPS not terminating on the controller. Does anyone have any advice on that choise both eap method wise and termination or not on the controller?
My second question pertains to a cert. for the NPS server. I was going to use Thawte as a CA and would like to know the verbage used in identifying the correct cert for this set up.
Thanks,
rif
If you are using NPS and those Windows devices are domain computers, you should use your own internal CA, because all of your Windows devices will already trust it. No matter what certificate you use on your radius server, IOS devices will ALWAYS prompt the user to accept it the first time, so there is no advantage to choosing an external CA.
If you want to use an external CA, however, it is your choice, and Thawte should have instructions on how to set it up on a NPS server. An SSL or Web server Certificate is just fine for your application.