Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2965
Views
5
Helpful
4
Replies

802.1x certificate based authentication on Cisco 3850.

network_geek1979
Level 1
Level 1

‎06-02-2018 08:13 AM - edited ‎02-21-2020 10:57 AM

Folks,

We are looking at some help on certificate based authentication on our Cisco 3850 for LAN based authentication. The authentication feature is planned to be rolled out only on ports which are in the user VLAN and for other ports we would use MAC based authentication. We are going to authenticate against ACS 5.5.

 

Any suggestions on proceeding with this. I had received some solutions initially but all we see on the ACS is some MAC address trying to authenticate. The does not succeed.

 

Please provide me with some suggestions on getting this going.

 

 

Regards,

N!!

Labels:
0 Helpful
4 Replies 4

hslai
Cisco Employee
Cisco Employee

‎06-02-2018 08:19 PM

ACS 5.5 has reached its last date of support, per End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System 5.5. ACS 5.8 has reached End of Sale and is only a couple of months away until the end of software maintenance. Thus, please plan on migrating to ISE by reviewing the info @ http://cs.co/acstoise

 

In order for an endpoint to perform certificate-based 802.1X, the endpoint needs an identity/personal certificate suitable for EAP-TLS client authentication and the 802.1X supplicant on the endpoint OS configured to do so. Certificates / Private Key Infrastructure (PKI) has several materials for reference.

 

0 Helpful

network_geek1979
Level 1
Level 1
In response to hslai

‎06-03-2018 12:43 AM

Yes, we are aware on the EoL for the Cisco ACS. However, the replacement plans are futuristic. As an immediate need I actually need to get in some security on my existing infrastructure so looking at help in that.

 

Could someone please provide some guidelines on 802.1x security with use of certificates on Cisco 3850 switches with the ACS please?

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to network_geek1979

‎06-03-2018 07:02 AM

The configuration on the client side is the same for ISE and ACS. For ACS configuration, please check out the following:

 

Solved: 802.1x EAP-TLS for wired users with ACS... - Cisco Support Community

Lab Minutes has several videos on ACS —> Video: Security - ACS | Lab Minutes

getaway51
Level 2
Level 2
In response to hslai

‎04-09-2019 11:32 PM

Hi,

 

May i knw whether "aaa authorization network" cmd will affect anything currently in the switch like telnet, ssh,etc? Do i really need these 2 cmd below for 802.1x authentication with radius server? or "aaa authentication 802.1x..." is sufficient?

 

awitch(Config)# aaa authorization network default group radius
Switch(Config)# aaa accounting dot1x default start-stop group radius

 

0 Helpful
Customers Also Viewed These Support Documents