Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
674
Views
0
Helpful
3
Replies

Cisco ACS 5.3 multiple service selection needs for RADIUS Wireless PEAP & 802.1x Port Auth

Go to solution
michael mearlon
Level 1
Level 1

‎02-27-2013 03:16 PM - edited ‎03-10-2019 08:08 PM

I use ACS 5.3.0.40.8 with TACACS+ servicing Device AAA and RADIUS servicing the Cisco Wireless environment for AD user access. How can I implement 802.1x with the current RADIUS implementation with hindering current wireless users or am I hindered due to the EAP-GTC in use with PEAP via RADIUS?

Sent from Cisco Technical Support iPad App

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
maldehne
Cisco Employee
Cisco Employee

‎02-28-2013 04:11 AM

Generally speaking the EAP type is determined by the supplicant and the server

so if you have wireless client configured for EAP TLS and wired clients configured

for PEAP MSCHAP v2 , you shouldn't have any problem if you have an Access

Service handling RADIUS and having both types of EAP enabled and the identity

policy as well as the authorization is straight to the same target and level of access.

Cheers

-------------------------------------------------------------------------------------------------------------------------

Please Don't Forget to rate correct answers

View solution in original post

0 Helpful
3 Replies 3

Go to solution
maldehne
Cisco Employee
Cisco Employee

‎02-28-2013 04:11 AM

Generally speaking the EAP type is determined by the supplicant and the server

so if you have wireless client configured for EAP TLS and wired clients configured

for PEAP MSCHAP v2 , you shouldn't have any problem if you have an Access

Service handling RADIUS and having both types of EAP enabled and the identity

policy as well as the authorization is straight to the same target and level of access.

Cheers

-------------------------------------------------------------------------------------------------------------------------

Please Don't Forget to rate correct answers

0 Helpful

Go to solution
michael mearlon
Level 1
Level 1

‎02-28-2013 09:41 AM

I have my answer now. I needed to go to the Access Policies > Access Services > Service Selection Rules and add a NDG condition to one of my RADIUS match rules.

Sent from Cisco Technical Support iPad App

Preview file
351 KB
0 Helpful

Go to solution
michael mearlon
Level 1
Level 1

‎02-28-2013 09:42 AM

I have my answer now. I needed to go to the Access Policies > Access Services > Service Selection Rules and add a NDG condition to one of my RADIUS match rules.

Sent from Cisco Technical Support iPad App

Preview file
351 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents