Certificate Authentication with ISE

Hi all,

I am looking to understand the different ways that people have used certificates so that we can distinguish between corporate-owned Windows machines and iPads and then the BYOD iPads and machines that are attempting to connect to your network.

Essentially, I am not entirely sure on the kind of templates that we should be using for these certs? Would they be machine certs or user certs?

Also, I am not sure as to whether any attribute checking is required by ISE. I have been playing with Machine Cert authentication for our VPN users on an ASA. The ASA needs to match attributes so that it can identify what kind of policies and authentication methods to apply to the device.

I guess what I am really trying to ask is what do I need to bear in mind when deploying certs for machine authentication for wireless, wired AND VPN access? Are there any user guides or documents out there that are worth the read?

Hopefully that all makes sense.

Mario

1 REPLY

Certificate Authentication with ISE

You could use EAP-TLS with machine certificates.

Here's a great link showing IP Phones authentication using EAP-TLS

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/config_guide_c17-605524.html

In figure 3.2.5.2 you can see ACS uses "identitiy = CN username"

In figure 3.2.5.3 you can see ACS uses certificate dictionaries.

Please rate if it helps
