cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2333
Views
0
Helpful
8
Replies

Autonomous AP to authenticate with ISE EAP-TLS

mohmmad.imran
Beginner
Beginner

Hi,

I am stuck with situation, where I need to get the autonomous AP to just authenticate with ISE EAP-TLS, is it possible?

so far I am not able to get it working, and ISE authenticate logs says that EAP method is not allowed in allowed-protocol, at the same time WLC has no issues in getting user authenticated with EAP-TLS.

any suggestion, would be appreciated.

Thanks

8 Replies 8

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru

Have you tried to test using PEAP? Just trying to eliminate variables. The setting on the AP would be the same for all EAP types.

Here is a guide that shows what is needed on the AP.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml#config-ap

Make sure the client is setup properly also which can show the same error.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

It works with ACS and I think it works also with ISE, it's the same principle.

Just for information, you can import a certificate with this commands :

crypto pki trustpoint MY-TRUSTPOINT

revocation-check none

enrollment terminal

exit

crypto pki imort MY-TRUSTPOINT pem terminal PASSPHRASE

Then copy / paste the CA certificate, the private key with the PASSPHRASE and the certificate.

NOTA BENE : all this certificates must be hashed with sha1 (sha256 is not supported).

 

filipe.gaspar
Beginner
Beginner

There is few documentation about EAP-TLS on EAP-TLS.

 

I'm looking for that.

 

Filipe

Abhishek Abhishek
Cisco Employee
Cisco Employee