ACS with PKI

Unanswered Question
Mar 30th, 2007

I am using an ACS server for authentication/authorization of clients, routers/switches/users. This same ACS server I am also using for authorizing the router to use certificates (av-pair cert-application=all). For this to work you need to create a user (FQDN of router) in ACS.

The side effect is that anybody can use this username and password to log in to any device in this setup. I did limit the privilege to 0 so no enable rights are possible.

Is there a possibility on the ACS to make sure that this user is only allowed to use certificates and can't log in at all?


smalkeric Thu, 04/05/2007 - 10:23

If you use EAP-TLS, you will need more ACS servers; but, if you use PEAP, you will need fewer. EAP-TLS is slower than PEAP due to public-key infrastructure (PKI) processing time.
