Cisco Support Community

802.1x ACS 5.2 and AD

Hi,

I would like to enable 802.1x to replace an existing Cisco port security implementation. This will provide us greater mobility as workstations are moved within the network.

Planning on using 802.1x for devices that are on the AD domain and MAB for devices that either don't have in-built supplicants or are not in the domain.

Can someone please advise if I am able to do this without using certificates? Would EAP work without having certificates? I see that when the Windows supplicant is being configured to enable 802.1x, it is asking for a certificate.


Thanks


Re: 802.1x ACS 5.2 and AD

Patrick,

You can do PEAP with Certificate Checking turned off. It's not as secure, but it would give you the option of user authentication without worrying about certificates at all. For the non-supplicant devices, you will have to have a database of MAC addresses ready to do MAB.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily
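
The switch-side half of the setup discussed above, as an added example that is not part of the original thread: a Cisco IOS access-port configuration that tries 802.1X first and falls back to MAB when no supplicant answers. It assumes a Catalyst switch that supports the `authentication` interface commands; the RADIUS server address, shared secret, VLAN and interface name are placeholders.

```cisco
! Constructed example: address, key, VLAN and interface are placeholders.
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! Enable 802.1X globally on the switch.
dot1x system-auth-control
!
! ACS as the RADIUS server (192.0.2.10 is a documentation address).
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 ! Try 802.1X first; fall back to MAB if no supplicant responds.
 authentication order dot1x mab
 ! If a supplicant appears later, 802.1X takes precedence over MAB.
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 ! Shorten the EAP request interval so MAB-only devices wait less.
 dot1x timeout tx-period 10
 spanning-tree portfast
```

With MAB the switch sends the device's MAC address to the RADIUS server as the identity, so the MAC database mentioned above has to exist on the ACS side before non-supplicant devices will be admitted.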


Re: 802.1x ACS 5.2 and AD

Hi Faisal,

Without certificates, does it mean that the machines would have to be authenticated against AD with their computer object?

Also, if I do decide to go with certificates, does it mean that non-domain devices can be authenticated without belonging to the domain?

Thanks
