04-03-2019 02:13 AM - edited 07-05-2021 10:11 AM
Dear Ciscoers,
I am studying branch authentication capabilities and I have got the needing to authorize clients even if the WAN link is down.
My authentication server is located in Data-center so i'm interested by the new functionnality of local EAP-TLS authentication described by this link : https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/configuration-guide/b_cg81/b_cg81_chapter_0101101.html#ID1324
I've seen these tables but I didn't really understood what is possible and what is not.
So, could you confirm that this method is compatible with Flexconnect "connected" mode ? We really don't need any local server, Flexconnect AP take completely authentication in charge ?
And, subsidiary question : Is this possible with Mobility Express AP ?
Thanks a lot for your help.
Solved! Go to Solution.
04-04-2019 04:16 AM
04-03-2019 06:20 AM
04-04-2019 01:11 AM
Thanks for your answer :)
3) The third option could be to activate both central auth and « AP local mode Authentication » ?
- When the WLC and the ISE are reachable, Flexconnect AP use the central authentication.
- When the tunnel is down, WLC and ISE are not reachable but Flexconnect AP could use local authentication like below.
Is this a scenario thinkable ?
04-04-2019 04:16 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide