Anchored EAP-TLS: foreign terminates TLS

Hi all,

At one of our clients there is a WLAN service for corporate devices with EAP-TLS, and it is anchored since they require Internet access only.

As stated in Cisco's Enterprise Mobility 7.3 Design Guide, the WLAN's security parameters are configured exactly the same on both the foreign and the anchors, including the authentication and accounting servers (acct+auth are active on both foreign and anchors, with the same RADIUS servers - the ISE PSNs).

The issue is that the TLS termination and user authentication are done on the foreign and, for security purposes, it would be best to have these intelligent functions on the anchor (the intranet foreign being just a bridge).

One possible solution might be to disable authentication on the foreign, but first, I don't know if this will break the anchoring at some point, and second, I don't want to diverge from the design guides in a production environment.

WLCs running 7.6.130.

Any thoughts on this one?

Thanks in advance.

1 REPLY 1

Update: tested disabling acct+auth on the foreign and this doesn't work
