Cisco Support Community

New Member

EAP-TLS question


Does anybody know if, by using EAP-TLS, it's possible to start the network connection before login, like with LEAP? I tried it but the certificate seems to be personal. Is it possible to associate this one to the computer only (with a generic store or user)?

In fact I'd like my stations to be reachable even if nobody's logged on.

Thanks for the help

New Member

Re: EAP-TLS question

I don't believe you can use EAP-TLS for "generic" PC authentication since the credentials for authentication are based off of the certificate that the user must import into their local machine store along with their network logon credentials. With the certificate that the user(s) imports into their local machine store, the "Issued to:" field of the certificate must match the user's account name in the DB that ACS is using for this, whether it's an external DB such as Active Directory or whatever. So, you are correct in saying that the user certificate seems to be personal to the specified user.

Hope that helps.

New Member

Re: EAP-TLS question

That's the same way I thought.

Many thanks