Contributor

ACS 5.1 Active Directory EAP-TLS

Hello,

I am trying to use ACS 5.1 with Active Directory and do 802.1X EAP-TLS for wired and wireless access. We need to map users to an identity group to assign VLANs, dACLs, etc., but are having an issue mapping a certificate-based user to AD attributes. When the user/machine presents a certificate, the Identity Rule matches based on the cert and doesn't seem to process AD attributes like group membership. The User Guide states that it supports 'Certificate Retrieval for EAP-TLS Authentication' but doesn't really give any direction on how to configure it.

Thanks...

4 Replies
Contributor

Re: ACS 5.1 Active Directory EAP-TLS

N/M, I forgot to include the additional attribute retrieval search list in the identity store sequence. It is working now.

Beginner

Re: ACS 5.1 Active Directory EAP-TLS

Hey Jason,

I am trying to configure the same thing, EAP-TLS with AD.

Can you share some screenshots of the "local certificate, CA authority, and Certification profile"? Does the user certificate have to be located in AD for verification?

Thanks,

Nhan

Beginner

Re: ACS 5.1 Active Directory EAP-TLS

Could you perhaps share some of the config info - I'm trying to do just the same thing?

Many Thanks,

Guy

Contributor

Re: ACS 5.1 Active Directory EAP-TLS

Sorry I missed your questions. Attached is a screenshot. I initially missed the lower section "Additional Attribute Retrieval Search List".