Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ISE and authentication for 802.1x printer

Hello

What is the best practice to authenticate a 802.1x printer in Cisco ISE?

The printer can store a certificate for authentication and support EAP-TLS.

Thanks for answer.

Marco

2 ACCEPTED SOLUTIONS

Accepted Solutions

Please refer to

Please refer to authentication policies

 www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_auth_pol.html#pgfId-1146222

Hi,I use certificates (EAP

Hi,

I use certificates (EAP-TLS) to authenticate Sharp printers. It seems to work. I havn't heard anything else from the printer guys.

 

/Philip

6 REPLIES

Please refer to

Please refer to authentication policies

 www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_auth_pol.html#pgfId-1146222

Silver

well still MAB is a option

well use MAB  for printers.

Hi,I use certificates (EAP

Hi,

I use certificates (EAP-TLS) to authenticate Sharp printers. It seems to work. I havn't heard anything else from the printer guys.

 

/Philip

Cisco Employee

ISE Deployment Best


ISE Deployment Best Practices

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=4381

Cisco Employee

EAP-TLS is the way to go. It

EAP-TLS is the way to go. It is way way way more secure than MAB and profiling. However, the question is "How much of a hassle is it going to be to put a certificate on each printer?" Moreover, "What methods do I have (if any) to renew those certificates when they expire?" If have to manually generate a CSR and install a cert on each printer then it can quickly become an administrative overhead nightmare. With that being said, you can use MAB and profiling but just make sure that you lock down the access that those printers get. For instance, do they need access to the internet? Do they need access to anything else but the print server and/or open to all IPs access but only on the printing ports. 

I hope this puts you in the right direction!

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
New Member

I agree with Neno, I would

I agree with Neno, I would suggest MAB with a limited authorization result, only what the printers need to access in the network

1385
Views
15
Helpful
6
Replies