Cisco Support Community

Certificate Authentication with ISE

Hi all,

I am looking to understand the different ways that people have used certificates so that we can distinguish between corporate-owned Windows machines and iPads, and then the BYOD iPads and machines that are attempting to connect to your network.

Essentially, I am not entirely sure about the kind of templates that we should be using for these certs. Would they be machine certs or user certs?

Also, I am not sure as to whether any attribute checking is required by ISE. I have been playing with Machine Cert authentication for our VPN users on an ASA. The ASA needs to match attributes so that it can identify what kind of policies and authentication methods to apply to the device.

I guess what I am really trying to ask is: what do I need to bear in mind when deploying certs for machine authentication for wireless, wired AND VPN access? Are there any user guides or documents out there that are worth the read?

Hopefully that all makes sense.



Certificate Authentication with ISE

You could use EAP-TLS with machine certificates.

Here's a great link showing IP phone authentication using EAP-TLS.

In figure you can see ACS uses "identity = CN username"

In figure you can see ACS uses certificate dictionaries.

Please rate if it helps
