Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
0
Helpful
1
Replies

Anchored EAP-TLS: foreign terminates TLS

tjoliveira
Level 1
Level 1

‎02-18-2015 12:35 AM - edited ‎07-05-2021 02:32 AM

Hi all,

 

In one of our clients there is a wlan service for corporate devices with EAP-TLS and anchored since they require Internet access only.

 

As stated on Cisco’s Enterprise Mobility 7.3 Design Guide, the wlan’s security parameters are configured exactly the same on both the foreign and the anchors, including the authentication and accounting servers (acct+auth are active on both foreign and anchors, with the same radius servers - the ISE PSNs).

 

The issue is that the TLS termination and user authentication is done on the foreign and, for security proposes, it would be best to have these intelligent functions on the anchor (being the intranet foreign just a bridge).

 

One possible solution might be to disable authentication on the foreign but: first, I don't know if this will break the anchoring at some point; second, because I don't want to diverge from the design guides on a productive environment.

 

WLCs running 7.6.130.

 

Any thoughts on this one?

 

Thanks in advance.

Labels:
0 Helpful
1 Reply 1

tjoliveira
Level 1
Level 1

‎02-19-2015 01:50 AM

Update: tested disabling acct+auth on the foreign and this doesn't work

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card