Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2609
Views
5
Helpful
7
Replies

WPA2 Enterprise EAP-TLS authentication

Go to solution
170232D14065
Level 1
Level 1

‎10-25-2020 08:50 AM - edited ‎10-25-2020 10:43 AM

I need to connect my IoT embedded devices to a CISCO-ISE managed enterprise wireless network using WPA2E and EAP-TLS protocol for authentication. When I go through the cisco compatibility documentation for client devices there was nothing about the embedded devices. So my question is, what are the compatibility concerns when it comes to connecting an embedded device which simply consists of an MCU and some peripherals through certificate-based authentication? There were documents only regarding connection of mainstream devices like Pc, laptop, smartphone but none about MCU.

thank you

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP
In response to 170232D14065

‎10-26-2020 11:28 AM

I am really sorry, but did not come across those MCU in practice.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Aref Alsouqi
VIP
VIP

‎10-25-2020 09:05 AM

If the IoT device uses standard RADIUS protocol attributes then I think you can just add it as a normal network device to ISE, that should work. However, if it uses customized RADIUS attributes, then you need to create a network device profile with those customized attributes, and then when you add it as a network device, you need to associate the profile you created to that device from the Device Profile menu.

0 Helpful

Go to solution
170232D14065
Level 1
Level 1
In response to Aref Alsouqi

‎10-25-2020 10:47 AM

Thank you for reaching out. 

How can I connect an MCU to ISE? In the official documentation, there were only windows, macOS, android, and ios. but how do I connect an embedded device? 

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to 170232D14065

‎10-25-2020 11:09 AM

Is the MCU connected to the network and can reach ISE through the network?

0 Helpful

Go to solution
170232D14065
Level 1
Level 1
In response to Aref Alsouqi

‎10-25-2020 08:25 PM

it's in the wifi authentication phase. I think the ISE acts as the radius server for the access point. so it's about authenticating the device (wifi chip) to the network. 

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to 170232D14065

‎10-25-2020 08:52 PM

If the MCU connects to the access point, then the access point should be added to ISE as a network device, since the access point will be the RADIUS authenticator and the MCU will be the supplicant. The SSID on the access point should be configured for dot1x as well.

Go to solution
170232D14065
Level 1
Level 1
In response to Aref Alsouqi

‎10-25-2020 10:05 PM

So it seems it is all good if the device supports standard RADIUS protocol attributes. 

Can you direct me to some resources describing the implementation of EAP-TLS on a microcontroller?

So far I didn't find any guidance docs. The only thing having is a secure connection to a web server through certificate-based authentication, but nothing about WiFi authentication using ca.

Thank you so much for clarifying things. 

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to 170232D14065

‎10-26-2020 11:28 AM

I am really sorry, but did not come across those MCU in practice.

0 Helpful
Review Cisco Networking for a $25 gift card
Top