
802.1x ACS 5.2 and AD

patrick-clancy
Level 1

Hi,

I would like to enable 802.1x to replace an existing Cisco port security implementation. This will provide us with greater mobility as workstations are moved within the network.

Planning on using 802.1x for devices that are on the AD domain and MAB for devices that either don't have in-built supplicants or are not in the domain.


Can someone please advise if I am able to do this without using certificates? Would EAP work without having certificates?
I see that when the Windows supplicant is being configured to enable 802.1x, it is asking for a certificate.


Thanks

2 Replies

Faisal Sehbai
Level 7

Patrick,

You can do PEAP with Certificate Checking turned off. It's not as secure, but it would give you the option of user authentication without worrying about certificates at all. For the non-supplicant devices, you will have to have a database of MAC addresses ready to do MAB.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

Hi Faisal,

Without certificates, does it mean that the machines would have to be authenticated against AD with their computer object?

Also, if I do decide to go with certificates, does it mean that non-domain devices can be authenticated with belonging to the domain?

Thanks