12-15-2011 01:51 AM - edited 03-10-2019 06:38 PM
Hi there,
I'm currently trying out dot1x authentication with MDA. The phone is currently authenticated via MAB. I succeeded in doing the same with a Win7 workstation, but now I have a problem with true dot1x auth. Whenever the client tries to authenticate to the ISE, it is using the notorious "host/" prefix. I read in the ACS 5.2 user guide that there is an option to crop it. I tried to find the same feature in the ISE, but it seems there is none.
I have the authentication policy configured to use a certificate authentication profile as identity source when the method is dot1x without any additional conditions.
In this profile I tried several options, including the common name, subject, subject alternative name. Nothing helped.
Does anybody have a tip on how to solve this?
Thanks in advance
12-15-2011 09:25 PM
Are you using the option "
You will have to create an LDAP instance to make this work. After you configure the LDAP instance, you can go to Directory Organization > select "Strip start of subject name up to the last occurrence of the separator" and change the default to \.
thanks,
Tarik Admani
12-16-2011 12:30 AM
If I understood correctly I don't need to create an external identity source when using the Certificate Authentication Profile feature.
This is what I got from the documentation:
"Certificate authentication profiles are used in authentication policies for certificate-based authentications in place of identity sources to verify the authenticity of the user."
I intend to use machine based authentication without contacting an external identity source.
I also ensured the root CA certificate is selected to be used for EAP-TLS authentication.
This brings me to another question.
If the CA issuing machine or user certificates is itself an intermediate CA, do I have to install a chained certificate (intermediate CA + root CA) in the ISE or both CA certificates separately?
Thanks in advance
Regards,
Patrick