AAA Authentication Question

ybilteryst
Level 1

I'm using ACS 4.2 and I defined in global Authentication Setup the EAP to use EAP-MSCHAPv2 and EAP-TLS.

For some of my users I would like to put in place 802.1x on wired with EAP-TLS only. How can I restrict EAP-TLS use to only a set of devices (Cisco LAN switches, for example, or the WLC controller)?

Thanks in advance.

Accepted Solutions

Federico Ziliotto
Cisco Employee

Hello,

You could use Network Access Profiles (NAPs) to filter the RADIUS access-request based on the AAA client and EAP protocol in use:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NAPs.html#wp1271917

You cannot explicitly force AAA clients to use a specific EAP authentication method, but you could filter access-requests based on both the AAA client they come from and the EAP authentication method in use.

Hope this helps,

Fede

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
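Added example, not part of the original posts and not Cisco ACS code: a small Python model of the filtering idea in the accepted answer, where the server cannot force a method on the supplicant but can refuse any EAP method not permitted for the AAA client the request came from. The subnets, the `POLICY` table and the function names are assumptions made for illustration; the EAP type numbers and packet layout follow RFC 3748.

```python
import ipaddress

# EAP constants from RFC 3748 / the IANA EAP registry.
EAP_RESPONSE = 2
IDENTITY, NAK, EAP_TLS, EAP_MSCHAPV2 = 1, 3, 13, 26

# Constructed policy: AAA client subnet -> EAP methods accepted, preferred first.
POLICY = [
    (ipaddress.ip_network("10.10.0.0/24"), [EAP_TLS]),                # wired switches
    (ipaddress.ip_network("10.20.0.0/24"), [EAP_TLS, EAP_MSCHAPV2]),  # WLCs
]

def eap_response(ident, eap_type, data=b""):
    """Build a constructed EAP-Response packet for the samples below."""
    return bytes([EAP_RESPONSE, ident]) + (5 + len(data)).to_bytes(2, "big") + bytes([eap_type]) + data

def allowed_methods(nas_ip):
    addr = ipaddress.ip_address(nas_ip)
    for net, methods in POLICY:
        if addr in net:
            return methods
    return []  # unknown AAA client: accept nothing

def decide(nas_ip, pkt):
    """Return ("offer", type), "continue" or "reject" for one EAP-Response."""
    if len(pkt) < 5 or pkt[0] != EAP_RESPONSE:
        return "reject"
    length = int.from_bytes(pkt[2:4], "big")
    if length < 5 or length > len(pkt):
        return "reject"  # malformed or truncated
    eap_type, data = pkt[4], pkt[5:length]
    allowed = allowed_methods(nas_ip)
    if not allowed:
        return "reject"
    if eap_type == IDENTITY:
        return ("offer", allowed[0])  # no method chosen yet: propose ours
    if eap_type == NAK:
        # The supplicant lists the methods it wants; accept only one we allow here.
        wanted = [t for t in data if t in allowed]
        return ("offer", wanted[0]) if wanted else "reject"
    return "continue" if eap_type in allowed else "reject"

if __name__ == "__main__":
    for nas, pkt in [("10.10.0.5", eap_response(1, IDENTITY, b"alice")),
                     ("10.10.0.5", eap_response(2, NAK, bytes([EAP_MSCHAPV2]))),
                     ("10.20.0.7", eap_response(2, NAK, bytes([EAP_MSCHAPV2])))]:
        print(nas, decide(nas, pkt))
```

The same Nak asking for EAP-MSCHAPv2 is rejected when it arrives through a wired switch and accepted when it arrives through a WLC, which is the per-AAA-client restriction the question asks for.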
