New Member

Autonomous AP to authenticate with ISE EAP-TLS

Hi,

I am stuck with a situation where I need to get the autonomous AP to just authenticate with ISE EAP-TLS. Is it possible?

So far I am not able to get it working, and the ISE authentication logs say that the EAP method is not allowed in allowed-protocol; at the same time, the WLC has no issues getting users authenticated with EAP-TLS.

Any suggestion would be appreciated.

Thanks

Hall of Fame Super Silver

Re: Autonomous AP to authenticate with ISE EAP-TLS

Have you tried to test using PEAP? Just trying to eliminate variables. The setting on the AP would be the same for all EAP types.

Here is a guide that shows what is needed on the AP.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml#config-ap

Make sure the client is set up properly also, which can show the same error.

-Scott
New Member

It works with ACS and I think it works also with ISE, it's the same principle.

Just for information, you can import a certificate with these commands:

crypto pki trustpoint MY-TRUSTPOINT
 revocation-check none
 enrollment terminal
 exit
crypto pki import MY-TRUSTPOINT pem terminal PASSPHRASE

Then copy / paste the CA certificate, the private key with the PASSPHRASE and the certificate.

NOTA BENE: all these certificates must be hashed with sha1 (sha256 is not supported).

New Member

There is little documentation about EAP-TLS on EAP-TLS.

I'm looking for that.

Filipe

EAP-TLS authentication

EAP-TLS authentication protocol is not supported for autonomous AP to authenticate with ISE. You can try with PEAP.

New Member

For me it's the same thing, but I don't test with ISE. Has anyone tested this use case?

Cisco Employee

As mentioned earlier.

EAP-TLS is not supported in Autonomous; you can use PEAP or use ACS as an alternative.
