we have ACS 5.3 and 1042 AP. So we need to authenticate client based on user certificate, and after that to put the client in specific VLAN based on membership in Active Directory group.
Is it possible to do that? We can not solve the problem of identity store, once the user is authenticated based on regular certificate, we need to authorize the same user based on the specific attribute from AD.
yes, you can do EAP-TLS authentication with attribute lookup against AD.
You have to configure an identity store sequence instead with authentication method certificate based and select AD for the retrieval of additional attributes. This sequence can be used in your access service as identity store.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...