We are using 802.1x authentication for our staff WiFi network. Our wireless infrastructure consists of a pair of Cisco 2504 WLC (configured for HA) and 10 Cisco APs. Over the past year, we completed a server infrastructure overhaul that included upgrading our domain schema from 2008 to 2012R2, which also meant migrating and upgrading our NPS server (RADIUS) as well the Enterprise CA (AD CS). We had some minor headaches with 802.1x authentication after the upgrade from 2008 to 2012R2, but I was able to find the root cause relatively quickly. The CRL Distribution point was not changed to reflect the new host name of the CA. We also decided to federate with ADFS as part of the overhaul so we could leverage Azure MFA server for VPN access. Shortly after rolling out ADFS we started to experience the fallout of "password spray attacks" which...
↧