I am stuck with situation, where I need to get the autonomous AP to just authenticate with ISE EAP-TLS, is it possible?
so far I am not able to get it working, and ISE authenticate logs says that EAP method is not allowed in allowed-protocol, at the same time WLC has no issues in getting user authenticated with EAP-TLS.
any suggestion, would be appreciated.
Have you tried to test using PEAP? Just trying to eliminate variables. The setting on the AP would be the same for all EAP types.
Here is a guide that shows what is needed on the AP.
Make sure the client is setup properly also which can show the same error.
Sent from Cisco Technical Support iPhone App
It works with ACS and I think it works also with ISE, it's the same principle.
Just for information, you can import a certificate with this commands :
crypto pki trustpoint MY-TRUSTPOINT
crypto pki imort MY-TRUSTPOINT pem terminal PASSPHRASE
Then copy / paste the CA certificate, the private key with the PASSPHRASE and the certificate.
NOTA BENE : all this certificates must be hashed with sha1 (sha256 is not supported).