@Zakaria wrote:
Hi,
I have configured 802.1X using a NPS-Based authentication. The users are authenticated using their Active Directory Credentials. I have never create an SSID with certificate authentication that is why i asked the question
Thx again
If that is the case, you don't have to change anything on the Aruba side. The 802.1x setup is the same. You can even reuse the same 802.1x SSID if you want.
To add EAP-TLS configuration (assuming you already have a CA configured) you need to:
1. Change your Wireless LAN Remote Access policy on the NPS so that it allows "smartcard or certificate" instead of or in addition to PEAP
2. Distribute certificates to your clients in active directory, either manually, or using certificate autoenrollment. This can be done via group policy, if you want http://technet.microsoft.com/en-us/library/bb456981.aspx
3. Configure your wireless LAN clients to use Smartcard or certificate and simple cert selection, instead of PEAP/MSChapV2.