11-09-2010 07:12 PM - edited 03-10-2019 05:33 PM
Hello,
I have a project to deploy dot1x wireless using certificate authentication only, i.e., once a certificate is presented to the ACS that is issued by a trusted CA, the connection is permitted.
So no further checking of user/machine credentials required.
My question is, in this case, is there any requirement for user accounts to be defined on the ACS? From the documentation it isn't clear. I am expecting that the ACS will extract the username from the certificate CN or SAN for reporting purposes, and add them as a dynamic user, so no need to define user accounts. The clients will be varying - anything from handheld devices to Windows machines.
Do I have this right?
Thanks,
Paul
11-09-2010 10:56 PM
No need to create a user account.
BTW, in ACS 5 the concept of a dynamic user does not apply.
11-10-2010 01:30 AM
Thanks
So is it really as simple as this:
1) Define the network clients: APs / WLCs + RADIUS stuff
2) Issue cert to ACS
3) Install internal CA cert and mark as trusted
4) Enable EAP-TLS as the authentication mechanism
Cheers,
Paul
11-10-2010 01:56 AM
Hi Paul,
Yes, in a nutshell that's all that is needed.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.