Cisco Support Community

New Member

ACS 5.2 EAP-TLS User Accounts

Hello,

I have a project to deploy dot1x wireless using certificate authentication only - i.e., once a certificate is presented to the ACS that is issued by a trusted CA, the connection is permitted.

So no further checking of user/machine credentials required.

My question is, in this case, is there any requirement for user accounts to be defined on the ACS?  From the documentation it isn't clear.  I am expecting that the ACS will extract the username from the certificate CN or SAN for reporting purposes, and add them as a dynamic user, so no need to define user accounts.  The clients will be varying - anything from handheld devices to Windows machines.

Do I have this right?

Thanks,

Paul

3 REPLIES
Cisco Employee

Re: ACS 5.2 EAP-TLS User Accounts

No need to create a user account.

BTW, in ACS 5 the concept of a dynamic user does not apply.

New Member

Re: ACS 5.2 EAP-TLS User Accounts

Thanks

So is it really as simple as this:

1) Define the network clients: APs / WLCs + radius stuff

2) Issue cert to ACS

3) Install internal CA cert and mark as trusted

4) Enable EAP-TLS as the authentication mechanism

Cheers,

Paul

Cisco Employee

Re: ACS 5.2 EAP-TLS User Accounts

Hi Paul,

Yes, in a nutshell that's all that is needed.

HTH,
Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
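
The admission decision discussed in this thread (permit any client whose certificate chains to the trusted CA, taking the reported name from the subject CN as the question assumes), sketched with the OpenSSL CLI. This is an added example, not part of the original posts and not ACS code; the CA names, client names and temporary files are constructed samples.

```bash
#!/bin/sh
# Added illustration: certificate-only admission with no user accounts.
# Every name, subject and file below is a constructed sample.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca <name>: create a self-signed CA (key + certificate).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_client <ca> <cn>: issue a client certificate for <cn> signed by <ca>.
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$2.pem" 2>/dev/null
}

# cert_identity <cert>: print the subject CN, the only name available
# for reporting when no user account exists.
cert_identity() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed -e 's/^subject= *//' -e 's/^CN=//' -e 's/,.*$//'
}

# admit <cert> <trusted-ca>: "permit <cn>" only if the chain verifies.
admit() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo "permit $(cert_identity "$1")"
  else
    echo "deny"
  fi
}

make_ca internal-ca      # the CA installed and marked as trusted
make_ca other-ca         # a CA that was never marked as trusted
issue_client internal-ca handheld01
issue_client other-ca outsider01

admit "$WORK/handheld01.pem" "$WORK/internal-ca.pem"
admit "$WORK/outsider01.pem" "$WORK/internal-ca.pem"
```

With no account lookup, the trusted CA list is the entire access policy: every certificate that CA has issued and that is still valid is admitted.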
