
ACS Certification & Identity Stores

JAYESH RAMAIYA
Level 1

Hi

We have Cisco APs set up around our building. We also have a Cisco ACS server set up. Some of our domain users are able to go to our customers' sites, which are on different domains, and use their work laptops to gain access to their own domains. I know the customers are using RADIUS and ARUBA.

I have been asked if we can allow customers to come to this office and allow them to log onto their laptops, connect remotely through our wireless and let them connect to their domain.

I believe this is possible through the ACS server. The ACS server would have the customer domain name configured in user and identity, Radius identity servers. The user would log in and authenticate and would be directed through a different VLAN to the cust AD. Unfortunately I am not an expert on the ACS and to be honest this is the first time that I have ever used this or set up wireless.

I have set up a test AP that is connected to the ACS. We have a Windows 7 laptop that is not on the corporate domain that I am having issues connecting to the ACS.

The first problem was that the ACS sees the laptop and issues a certificate error -

12321 PEAP failed SSL/TLS handshake because the client rejected the ACS local-certificate : Authentication failed

I resolved this by unticking the Validate server certificate box in the Protected EAP Properties.

I then tried to connect and now receive the

22056 Subject not found in the applicable identity store(s). : Authentication failed

I am currently going through the ACS manual. I understand that the ACS needs to authenticate the host (laptop) first. I will be using the external identity store as the laptop is not on the corporate domain. I cannot use LDAP, AD, RSA as an external identity store.

My questions are below and I would be grateful for any feedback.

1. Can I use the Radius Identity Server?

2. Would I need to use certificates as well as an external identity store, or can I use just the one?

Regards
