FabienO
Beginner

Radius client using EAP-TLS on Catalyst 9300 switch

I have set up a RADIUS server and shared key for authentication.

For more security, I want to implement EAP-TLS.

The configuration server side but what do I need to do on the Catalyst 9300 switch as client?

1 REPLY 1
Mike.Cifelli
VIP Advisor

For more security, I want to implement EAP-TLS.

The configuration server side but what do I need to do on the Catalyst 9300 switch as client?

There are several components that are required for this type of implementation to work. Not only do you need proper config on the ISE side, but the switch and all clients need to be configured to support this. From the switch perspective you will need to determine whether or not you will use IBNS 1.0 or 2.0 and enable RADIUS support, etc. As for the clients, your big thing here will be determining what supplicant you wish to use (AnyConnect NAM or native supplicants). Both have their pros/cons. I strongly suggest testing/doing your research to see what fits your environment's needs best. Lastly, once you have all components ready for deployment testing, I would suggest running things in 802.1X open mode to start, then working towards tightening things once you feel comfortable. This document here sheds light on essentially everything I mentioned and what you would need to piece all of this together: ISE Secure Wired Access Prescriptive Deployment Guide - Cisco Community
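
A switch-side sketch of what the reply describes (RADIUS enabled, 802.1X on an access port in open mode), written in IBNS 1.0 legacy syntax. It is an added example, not configuration from this thread or from the linked guide; the server name, group name, address 192.0.2.10, key placeholder and interface are assumptions.

```ios
! Added example. Names, address, key and interface are placeholders.
! The switch is the 802.1X authenticator and RADIUS client: it relays EAP
! between the endpoint and the RADIUS server. The EAP-TLS certificates are
! held by the supplicant and the RADIUS server, not configured here.

aaa new-model
!
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa group server radius ISE-GROUP
 server name ISE-1
!
! Send 802.1X authentication, authorization and accounting to the group
aaa authentication dot1x default group ISE-GROUP
aaa authorization network default group ISE-GROUP
aaa accounting dot1x default start-stop group ISE-GROUP
!
! Enable 802.1X globally
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 switchport mode access
 ! Act as authenticator on this port
 dot1x pae authenticator
 authentication port-control auto
 authentication host-mode multi-auth
 authentication periodic
 ! Open mode: authentication runs and is logged on the RADIUS server,
 ! but traffic is forwarded even when authentication fails.
 ! Remove this line once results look clean, to start enforcing.
 authentication open
```

While `authentication open` is present the port gives no access control, so the RADIUS server's authentication logs are the place to confirm that every endpoint passes EAP-TLS before the line is removed.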
