I am trying to test the wireless authentication and authorization with my wireless users via ACS 4.2. I have the 4.2 trial version on Windows 2003 for testing. I also have WLC 5508 and 3602i in my lab. My AD/NPS and CA are Windows 2008 R2.
The Windows 2003 is part of the domain; and on the ACS, if I go to External Databse > Database Configuration > Windows Database > Configure
From here I selected my domain, tick "Enalble EAP-TLS Machine Authentication". I also have mapped the domain to the group I created in ACS.
I also chaged the default RADIUS ports to 1812 and 1813 on the ACS.
On my WLC 5508, I created a WLAN and set the RADIUS IP to the ACS IP address. However, I tried to join the wireless network. It keep failing.
I have installed the user cert on the laptop for EAP-TLS. If I changed the RADIUS server on the WLAN and pointed it to AD/NPS that I have, my test laptop was able to join the wireless network via EAP-TLS.
I am a little confuse about the ACS TACACS+. Is TACACS+ used only for logging into network devices for management or can it be used for regular users for authentication and authorization?
For example, a wireless user, which is part of the domain, need to join a wireless enterprise network for his office work. Can I use TACACS+ for this or it has to be RADIUS via ACS 4.2?
I have another question regarding the passwords for my servers. Since I joined my Windows 2003 with ACS 4.2 to the domain, my admin password for my AD/NPS and CA servers have changed to the Windows 2003 admin password.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :