ACS 5.3 certificate VLAN AD mapping

Hi,

We have ACS 5.3 and 1042 AP. We need to authenticate the client based on the user certificate, and after that put the client in a specific VLAN based on membership in an Active Directory group.

Is it possible to do that? We cannot solve the problem of the identity store: once the user is authenticated based on a regular certificate, we need to authorize the same user based on the specific attribute from AD.

Thank you

Best regards,

Vladimir

1 REPLY

Hi Vladimir,

Yes, you can do EAP-TLS authentication with attribute lookup against AD.

You have to configure an identity store sequence instead, with the authentication method set to certificate based, and select AD for the retrieval of additional attributes. This sequence can be used in your access service as the identity store.

Hope that helps!

Regards

Stefan
