ACS 5.5 802.1X authentication based on certificate issuer

Allen Spoon, Level 1

Is it possible to do 802.1X authentication with ACS 5.5 based on the client machine certificate issuer (without joining the ACS to AD)?

For example, if the client machine has a certificate loaded that was issued by a certain authority, allow it access.

Our AD admins will not let us join our ACS to the domain.

3 Replies

Peter Koltl, Level 7

Yes, you can use EAP-TLS via LDAP (but not PEAP-MSCHAPv2).

Alban H, Level 1

Hi Allen,

We managed to have port-based NAC based solely on certificates and with Cisco switches. It is also not fully tested, but basic use cases are working (e.g. devices with a wrong or no certificate are rejected, and devices with a certificate get connected). I will need some time to write the how-to, but if you already have particular questions, I will be happy to help.

Awesome. That would be very helpful.
