Solved

802.1x Machine Authentication

Posted on 2004-09-22
1
2,594 Views
Last Modified: 2008-08-06
We use Active Directory and we have a Cisco ACS 3.2 appliance and all Cisco switches. Most machines ar XP Pro and some 2000. We have a problem of unsolicited machines plugging into our network and it's a big network. I  would like to use 802.1x PEAP with MSCHAPv2 for machine authentication. I was doing a little research and it sounds like I won't need to install a certificate on each computer (very nice). The ACS will require a certificate from a CA however.

So, can I use a private certificate for my ACS box? Buying a public certificate is way too expensive and this is not a public service. The client will look for some kind of root authority so that's why I'm wondering...

Here is the link where I found all this info:

http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

Also- fyi, I want to use this for wired, not wireless as shown in example using Cisco 2950 switches (I can handle the switch setup).
0
Comment
Question by:mikesparker
1 Comment
 

Accepted Solution

by:
RonCharette earned 125 total points
ID: 12134127

Mike,
All you would need to do is create your own root authority.  As this is a large network, pick a server to house your root CA and go to town.  An example of a Root CA setup is at:

http://www.microsoft.com/technet/prodtechnol/winntas/maintain/security/hier3.mspx#EDAA

Hope this helps!
Ron Charette
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to take over, control, & secure a network 9 92
Palo Alto Networks - find the sec zone 3 65
Manage ASA using outside IP 14 62
Android Touch & Google API 7 24
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question