Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10141
Views
20
Helpful
6
Replies

Cisco ISE and authentication for 802.1x printer

Go to solution
Marco Serato
Level 1
Level 1

‎01-15-2014 04:42 AM - edited ‎03-10-2019 09:16 PM

Hello

What is the best practice to authenticate a 802.1x printer in Cisco ISE?

The printer can store a certificate for authentication and support EAP-TLS.

Thanks for answer.

Marco

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Saurav Lodh
Level 7
Level 7

‎05-12-2014 06:18 AM

Please refer to authentication policies

 www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_auth_pol.html#pgfId-1146222

View solution in original post

Go to solution
Philip Vilhelmsson
Level 1
Level 1

‎05-13-2014 07:04 AM

Hi,

I use certificates (EAP-TLS) to authenticate Sharp printers. It seems to work. I havn't heard anything else from the printer guys.

 

/Philip

View solution in original post

6 Replies 6

Go to solution
Saurav Lodh
Level 7
Level 7

‎05-12-2014 06:18 AM

Please refer to authentication policies

 www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_auth_pol.html#pgfId-1146222

Go to solution
kaaftab
Level 4
Level 4

‎05-13-2014 04:07 AM

well use MAB  for printers.

0 Helpful

Go to solution
Philip Vilhelmsson
Level 1
Level 1

‎05-13-2014 07:04 AM

Hi,

I use certificates (EAP-TLS) to authenticate Sharp printers. It seems to work. I havn't heard anything else from the printer guys.

 

/Philip

Go to solution
Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎05-28-2014 04:59 AM


ISE Deployment Best Practices

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=4381

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎05-28-2014 11:45 AM

EAP-TLS is the way to go. It is way way way more secure than MAB and profiling. However, the question is "How much of a hassle is it going to be to put a certificate on each printer?" Moreover, "What methods do I have (if any) to renew those certificates when they expire?" If have to manually generate a CSR and install a cert on each printer then it can quickly become an administrative overhead nightmare. With that being said, you can use MAB and profiling but just make sure that you lock down the access that those printers get. For instance, do they need access to the internet? Do they need access to anything else but the print server and/or open to all IPs access but only on the printing ports. 

I hope this puts you in the right direction!

 

Thank you for rating helpful posts!

Go to solution
eboza1234
Level 1
Level 1
In response to nspasov

‎06-21-2016 01:19 PM

I agree with Neno, I would suggest MAB with a limited authorization result, only what the printers need to access in the network

0 Helpful
Customers Also Viewed These Support Documents