

Forum Replies

  1. Hello,

    Great post. Very informative. Two questions if I may; EAP-TLS user certificate was used in the above example but do you know if EAP-TLS machine certificate is possible? At my job we use EAP-TLS machine certificates for our computers but we would like to now extend EAP-TLS machine certificates to the Androids. Also, in the example you launched the http://your-server-ip/certsrv from a computer then exported/imported to the Android, is it possible to download/install the cert from http://your-server-ip/certsrv directly onto the Android or must the export/import step be used?

  2. Hi,
    We usually create EAP-PEAP supported SSIDs, can we use the same SSID for EAP-TLS?
    If yes or no, could you show an example SSID?
    Thanks

  3. Hi Rene,
    You said “EAP-TLS is the most secure form of wireless authentication because it replaces the client username/password with a client certificate.”
    In this example you are providing a username to connect to the SSID?
    Thanks

  4. Hello Sims

    It is not possible to use the same SSID for both eap-peap support and eap-tls. You must use two separate SSIDs. However, Cisco ISE does have the capability of creating authentication policy rules. These are organised in if and then statements. When you configure an SSID, you can configure an authentication policy with all of the allowed protocols. If a device does not support this, or fails to connect using one specific setup, it can go on to the next available protocol configuration in the list until the list is exhausted. This however cannot


  5. Hello again Sims

    It is more secure to use a certificate for authentication rather than a username and password. This is because the security mechanisms involved are much more complex and more difficult to break.

    In the above example, only the certificate is used for authentication. The username is used just for identity purposes, to indicate to whom the certificate belongs.

    I hope this has been helpful!

    Laz
