10-25-2020 08:50 AM - edited 10-25-2020 10:43 AM
I need to connect my IoT embedded devices to a Cisco ISE-managed enterprise wireless network using WPA2E and the EAP-TLS protocol for authentication. When I went through the Cisco compatibility documentation for client devices, there was nothing about embedded devices. So my question is: what are the compatibility concerns when it comes to connecting an embedded device, which simply consists of an MCU and some peripherals, through certificate-based authentication? There were documents only regarding the connection of mainstream devices like PCs, laptops, and smartphones, but none about MCUs.
Thank you
- Labels: Security Management
Accepted Solutions
10-26-2020 11:28 AM
I am really sorry, but I did not come across those MCUs in practice.
10-25-2020 09:05 AM
If the IoT device uses standard RADIUS protocol attributes then I think you can just add it as a normal network device to ISE, that should work. However, if it uses customized RADIUS attributes, then you need to create a network device profile with those customized attributes, and then when you add it as a network device, you need to associate the profile you created to that device from the Device Profile menu.
10-25-2020 10:47 AM
Thank you for reaching out.
How can I connect an MCU to ISE? In the official documentation, there were only Windows, macOS, Android, and iOS. But how do I connect an embedded device?
10-25-2020 11:09 AM
Is the MCU connected to the network and can reach ISE through the network?
10-25-2020 08:25 PM
It's in the WiFi authentication phase. I think the ISE acts as the RADIUS server for the access point. So it's about authenticating the device (WiFi chip) to the network.
10-25-2020 08:52 PM
If the MCU connects to the access point, then the access point should be added to ISE as a network device, since the access point will be the RADIUS authenticator and the MCU will be the supplicant. The SSID on the access point should be configured for dot1x as well.
10-25-2020 10:05 PM
So it seems it is all good if the device supports standard RADIUS protocol attributes.
Can you direct me to some resources describing the implementation of EAP-TLS on a microcontroller?
So far I haven't found any guidance docs. The only thing I have is a secure connection to a web server through certificate-based authentication, but nothing about WiFi authentication using a CA.
Thank you so much for clarifying things.
