Solved

802.1x Machine Authentication

Posted on 2004-09-22
1
2,586 Views
Last Modified: 2008-08-06
We use Active Directory and we have a Cisco ACS 3.2 appliance and all Cisco switches. Most machines ar XP Pro and some 2000. We have a problem of unsolicited machines plugging into our network and it's a big network. I  would like to use 802.1x PEAP with MSCHAPv2 for machine authentication. I was doing a little research and it sounds like I won't need to install a certificate on each computer (very nice). The ACS will require a certificate from a CA however.

So, can I use a private certificate for my ACS box? Buying a public certificate is way too expensive and this is not a public service. The client will look for some kind of root authority so that's why I'm wondering...

Here is the link where I found all this info:

http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

Also- fyi, I want to use this for wired, not wireless as shown in example using Cisco 2950 switches (I can handle the switch setup).
0
Comment
Question by:mikesparker
1 Comment
 

Accepted Solution

by:
RonCharette earned 125 total points
ID: 12134127

Mike,
All you would need to do is create your own root authority.  As this is a large network, pick a server to house your root CA and go to town.  An example of a Root CA setup is at:

http://www.microsoft.com/technet/prodtechnol/winntas/maintain/security/hier3.mspx#EDAA

Hope this helps!
Ron Charette
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now