cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1584
Views
0
Helpful
8
Replies
Highlighted
Beginner

Autonomous AP to authenticate with ISE EAP-TLS

Hi,

I am stuck with situation, where I need to get the autonomous AP to just authenticate with ISE EAP-TLS, is it possible?

so far I am not able to get it working, and ISE authenticate logs says that EAP method is not allowed in allowed-protocol, at the same time WLC has no issues in getting user authenticated with EAP-TLS.

any suggestion, would be appreciated.

Thanks

Everyone's tags (3)
8 REPLIES 8
Hall of Fame Master

Re: Autonomous AP to authenticate with ISE EAP-TLS

Have you tried to test using PEAP? Just trying to eliminate variables. The setting on the AP would be the same for all EAP types.

Here is a guide that shows what is needed on the AP.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml#config-ap

Make sure the client is setup properly also which can show the same error.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Beginner

It works with ACS and I think

It works with ACS and I think it works also with ISE, it's the same principle.

Just for information, you can import a certificate with this commands :

crypto pki trustpoint MY-TRUSTPOINT

revocation-check none

enrollment terminal

exit

crypto pki imort MY-TRUSTPOINT pem terminal PASSPHRASE

Then copy / paste the CA certificate, the private key with the PASSPHRASE and the certificate.

NOTA BENE : all this certificates must be hashed with sha1 (sha256 is not supported).

 

Beginner

There is few documentation

There is few documentation about EAP-TLS on EAP-TLS.

 

I'm looking for that.

 

Filipe

Rising star

EAP-TLS authentication

EAP-TLS authentication protocol is not supported for autonomous AP to authenticate with ISE. YOu can try with PEAP.

Beginner

It works with ACS and I think

It works with ACS and I think it works also with ISE, it's the same principle.

Just for information, you can import a certificate with this commands :

crypto pki trustpoint MY-TRUSTPOINT

revocation-check none

enrollment terminal

exit

crypto pki imort MY-TRUSTPOINT pem terminal PASSPHRASE

Then copy / paste the CA certificate, the private key with the PASSPHRASE and the certificate.

NOTA BENE : all this certificates must be hashed with sha1 (sha256 is not supported).

Beginner

For me it's the same thing

For me it's the same thing but I don't test with ISE. Does anyone has tested this use case ?

Enthusiast

As mentioned earlier.EAP-TLS

As mentioned earlier.

EAP-TLS is not supported in Autonomous you can use PEAP or use ACS as an alternative.

Participant

Re: Autonomous AP to authenticate with ISE EAP-TLS

Just for anyone who still have this question,

 

I've tested EAP-TLS authentication with a 1700 series autonomous AP and ISE version 2.2 successfully. In addition features like dynamic VLAN and ACL's also worked.

It seems that all the features the ACS supported for autonomous AP's are supported in ISE.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards