
Authentication with ACS

FinningCL
Level 1

I need to authenticate my wireless network with Cisco Secure ACS 4.2 for the internet users (guest network), but I don't want to use a CA certificate. Can I do that? How do I have to do it? What authentication protocol must I use? Where can I find this configuration?

13 Replies

Scott Fella
Hall of Fame

Do you have a WLC?  What type of authentication are you trying to use?

You can do that, but that would mean you would need to put all the guest usernames and passwords into ACS. If you have a WLC, usually you would use that to host the splash page and the guest credentials.

-Scott
*** Please rate helpful posts ***

Thanks for your answer. I was trying to use EAP-FAST, but I couldn't make it work.

I don't have a WLC and I need to authenticate the wireless connection with the ACS software, because the users will use only internet and I need to have control of the connection time. I know that I have to create usernames and passwords, but I don't have another choice.

Do you have any tips for this implementation? I need the authentication only.

Thanks

If you plan on using authentication for internal users, you might as well do 802.1x PEAP which only requires a cert on the ACS. You can then tie ACS to AD or just have local credentials in ACS.

Thanks,

Scott Fella


I'll use only local credentials, because the users that will use this wireless don't have credentials in the AD. If I use PEAP and a cert, is it necessary to install the cert on the laptops?

Thanks

Scott Fella
Hall of Fame

PEAP only requires a certificate in ACS (RADIUS).


-Scott

Here is a good link for autonomous configuration.

http://www.cisco.com/en/US/products/hw/wireless/ps4570/prod_configuration_examples_list.html


-Scott

I was checking the link and I am trying to load the certificate in the ACS, but when I try to connect my laptop to the network, the wireless client asks me for the certificate installed on the PC. What do I have to do if I only need the authentication?

The only certificate required for PEAP is a server-side certificate installed on the RADIUS server. If you are trying to use EAP-TLS, then you need the one on the RADIUS server and one in each client. I would first try to use PEAP and get that to work before you even try EAP-TLS.

Please check how you set up your client device.

Thanks,

Scott Fella


In the client config there is a check box to validate the server certificate. You can uncheck this box, as the client does not need to validate the cert.

HTH,

Steve


Scott Fella
Hall of Fame

Have you successfully added a certificate in ACS? You can use a self-signed certificate.

Verify the RADIUS configuration.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/peap_tls.html


-Scott

The certificate was installed, but when I try to enable the PEAP configuration, the Cisco ACS shows me this error:

"Failed to initialize PEAP or EAP-TLS authentication protocol because CA  certificate is not installed. Install the CA certificate using "ACS  Certification Authority Setup" page."

What do I have to do? I tried to enable the certificate 4 times and the result is the same.

That means you don't have a valid certificate installed. You need to create a new self-signed certificate and make sure it is enabled for EAP.

Thanks,

Scott Fella


Remove the other certificates and here is a link.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/SCAuth.html#wp327462

Thanks,

Scott Fella
