Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
961
Views
0
Helpful
2
Replies

802.1x ACS 5.2 and AD

patrick-clancy
Level 1
Level 1

‎10-05-2010 06:01 PM - edited ‎02-21-2020 10:25 AM

Hi,

I would like to enable 802.1x to replace an existing Cisco port security implementation. This will provide us
a greater mobility as workstations are moved within the network.

Planning on using 802.x for devices that are on the AD domain and MAB for devices that don't either have
in-built supplicants or not in the domain.


Can someone please advice if I am able to do this without using certificates? Would EAP work without having certificates?
I see that when the Windows supplicant is being configured to enable 802.1x, it is asking for certificate.


Thanks

Labels:
0 Helpful
2 Replies 2

Faisal Sehbai
Level 7
Level 7

‎10-05-2010 06:31 PM

Patrick,

You can do PEAP with Certificate Checking turned off. It's not as secure, but it would give you the option of user authentication without worrying about certificates at all. For the non-supplicant devices, you will have to have a database of MAC addresses ready to do MAB.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

0 Helpful

patrick-clancy
Level 1
Level 1
In response to Faisal Sehbai

‎10-05-2010 07:47 PM

Hi Faisal,

Without certificates does it mean that the machines would have to be authenticated agains AD with their computer object?

Also if I do decide to go with certificate does it mean that non domain devices can be authenticated with belonging to the domain

Thanks

0 Helpful
Customers Also Viewed These Support Documents