Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ACS 5.1 Active Directory EAP-TLS


I am trying to use ACS 5.1 with Active Directory and do 802.1X EAP-TLS for wired and wireless access. We need to map users to an identity group to assign VLANs, dACLs, etc., but having an issue mapping a certificate based user to AD attributes. When the user/machine presents a certificate the Identity Rule matches based on cert and doesn't seem to process AD attributes like group membership. In the User Guide it states that it supports 'Certificate Retrieval for EAP-TLS Authentication' but doesn't really give any direction on how to configure.


New Member

Re: ACS 5.1 Active Directory EAP-TLS

N/M, I forgot to include the additional attribute retrieval search list in the identity store
sequence It is working now.

New Member

Re: ACS 5.1 Active Directory EAP-TLS

hey Jason,

I am trying to configure the samething EAP-TLS with AD.

Can you share some screenshoot of "local certificate,  CA authority, and Certification profile?  Does the user certificate have to locate in AD for verify?



New Member

Re: ACS 5.1 Active Directory EAP-TLS

Could you perhaps share some of the config info - I'm trying to do just the same thing?

Many Thanks,


New Member

Re: ACS 5.1 Active Directory EAP-TLS

Sorry I missed your questions. Attaches is a screenshot. I initially missed the lower section "Additional Attribute Retrival Search List"

CreatePlease to create content