Specifications
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 36 of 42
Figure 6-24
Wireless Networks Properties Configuration
At the end of above configuration steps, Microsoft XP clients should be able toauthenticate to the enterprise WLAN
using EAP-TLS.
6 Troubleshooting Tips for EAP-TLS
A modular troubleshooting approach is recommended for EAP-TLS. As discussed earlier in this document, three
major components of EAP-TLS are EAP-TLS client, network access server (the access point), and the AAA server.
Certification authority server infrastructure is also covered in this section.
Following are some troubleshooting tips for EAP-TLS:
1. Verify the configuration of the access point as described in Section 6.3.
2. Verify the configuration of Windows XP as described in Section 6.4. Ensure that EAP-TLS is configured for the
user account. (Be aware that multiple user accounts and profiles could exist on a Windows XP client.)
3. If you see a message that indicates that Windows XP is failing to find a certificate to authenticate to the network,
verify that you have installed a client certificate for the user account. The client certificate is invalid if the EKU
field does not contain the “Client Authentication” OID (as described in sections 5.2.1 and 6.4.1).
4. Verify that the client certificate is formatted as X.509 Version 3.
5. Verify that the user account is the same name (username or user ID) as in the certificate.