Cisco Support Community

New Member

ACS and 802.1x

We're running ACS 3.3.2 and testing 802.1x using PEAP-MSChap (server-side only cert). We have 3rd party certs installed on ACS that include a CDP (CRL Distribution Point). Is there any risk that if we lose Internet connectivity ACS will not allow an 802.1x authentication to occur? In other words, does ACS ever validate its own cert including comparison against the CRL, or is it a moot point?

Cisco Employee

Re: ACS and 802.1x

Losing Internet connectivity won't affect your authentication. The ACS cert is valid for a specific time, and that is defined in the cert when it's installed; you can see how long it's valid for by going under System Config - ACS Certificate Setup - Install ACS Certificate. ACS will continue to validate connections against this cert regardless of whether it has connectivity to the CA server.

It may validate itself against the CRL, but your CRL should never contain the ACS cert anyway; if that happens then you have serious issues to discuss with your CA vendor. It certainly won't automatically get included just because you lose connectivity or anything like that.
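
The validity period and the CDP discussed in this thread are both fields inside the certificate file, so they can be read offline. The following is an added example, not part of the original thread and not ACS code: it uses the `openssl` CLI on a constructed self-signed certificate, and the host names (`acs.example.test`, `crl.example.test`) and function names are hypothetical.

```shell
#!/bin/sh
# Added example: offline inspection of a server certificate's expiry and
# CRL Distribution Point (CDP). All names and the certificate are constructed.

# Build a constructed 30-day self-signed cert carrying a CDP. $1 = output dir.
make_sample_cert() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = acs.example.test
[ext]
crlDistributionPoints = URI:http://crl.example.test/ca.crl
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Print each URL listed in the CDP extension, one per line. $1 = PEM cert.
# Only lines inside the "CRL Distribution Points" section are considered, so
# URIs from other extensions (for example AIA or SAN) are not reported.
cert_cdp_urls() {
    openssl x509 -in "$1" -noout -text | awk '
        { match($0, /^ */) }                      # RLENGTH = indentation width
        NF && RLENGTH <= 12 { in_cdp = ($0 ~ /CRL Distribution Points/); next }
        in_cdp && sub(/^ *URI:/, "") { print }'
}

# Succeed if the cert is still within its validity period $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo on the constructed certificate; no network access is involved.
tmp=$(mktemp -d)
make_sample_cert "$tmp"
echo "notAfter: $(openssl x509 -in "$tmp/cert.pem" -noout -enddate)"
echo "CDP URL:  $(cert_cdp_urls "$tmp/cert.pem")"
if cert_valid_for_days "$tmp/cert.pem" 7; then
    echo "certificate is valid for at least 7 more days"
fi
rm -rf "$tmp"
```

Running `cert_cdp_urls` and `cert_valid_for_days` against an exported copy of a production server certificate shows which CRL host a validating party would need to reach and how long remains before the certificate expires.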
