Solved

802.1x Machine Authentication

Posted on 2004-09-22
Last Modified: 2008-08-06
We use Active Directory and we have a Cisco ACS 3.2 appliance and all Cisco switches. Most machines are XP Pro and some 2000. We have a problem of unsolicited machines plugging into our network and it's a big network. I would like to use 802.1x PEAP with MSCHAPv2 for machine authentication. I was doing a little research and it sounds like I won't need to install a certificate on each computer (very nice). The ACS will require a certificate from a CA however.

So, can I use a private certificate for my ACS box? Buying a public certificate is way too expensive and this is not a public service. The client will look for some kind of root authority so that's why I'm wondering...

Here is the link where I found all this info:

http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

Also, FYI, I want to use this for wired, not wireless as shown in example using Cisco 2950 switches (I can handle the switch setup).
Question by:mikesparker

Accepted Solution

by:
RonCharette earned 500 total points
ID: 12134127

Mike,
All you would need to do is create your own root authority.  As this is a large network, pick a server to house your root CA and go to town.  An example of a Root CA setup is at:

http://www.microsoft.com/technet/prodtechnol/winntas/maintain/security/hier3.mspx#EDAA

Hope this helps!
Ron Charette
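
The private-root approach from the accepted answer, sketched with the OpenSSL CLI rather than the Microsoft CA the answer links to. This is an added example, not part of the original thread: the organisation name, CA names and server hostname are constructed, and the last check shows that a client validates the server certificate only when it trusts the private root that issued it.

```shell
#!/bin/sh
# Added example. All names (Example Corp, acs.example.internal) are constructed.
set -eu

# make_root_ca DIR CN: self-signed key and certificate for a private root authority.
make_root_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example Corp/CN=$2" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
}

# issue_server_cert CA_DIR OUT_DIR FQDN: key and CSR for the authentication
# server, signed by the private root and marked as a TLS server certificate.
issue_server_cert() {
    mkdir -p "$2"
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=Example Corp/CN=$3" \
        -keyout "$2/server.key" -out "$2/server.csr" 2>/dev/null
    printf '%s\n' 'basicConstraints=CA:FALSE' \
        'keyUsage=digitalSignature,keyEncipherment' \
        'extendedKeyUsage=serverAuth' "subjectAltName=DNS:$3" > "$2/server.ext"
    openssl x509 -req -sha256 -days 825 -in "$2/server.csr" \
        -CA "$1/root.crt" -CAkey "$1/root.key" -CAcreateserial \
        -extfile "$2/server.ext" -out "$2/server.crt" 2>/dev/null
}

# client_trusts ROOT_CRT SERVER_CRT: exit status 0 only if the server
# certificate chains to the given root and is valid for TLS server use.
client_trusts() {
    openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory: one issuing root, one unrelated root.
work=$(mktemp -d)
make_root_ca "$work/ca" "Example Private Root CA"
make_root_ca "$work/other" "Unrelated Root CA"
issue_server_cert "$work/ca" "$work/acs" "acs.example.internal"
if client_trusts "$work/ca/root.crt" "$work/acs/server.crt"; then
    echo "client holding the private root: server certificate accepted"
fi
if ! client_trusts "$work/other/root.crt" "$work/acs/server.crt"; then
    echo "client without the private root: server certificate rejected"
fi
rm -rf "$work"
```
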