Solved

802.1x Machine Authentication

Posted on 2004-09-22
1
2,605 Views
Last Modified: 2008-08-06
We use Active Directory and we have a Cisco ACS 3.2 appliance and all Cisco switches. Most machines ar XP Pro and some 2000. We have a problem of unsolicited machines plugging into our network and it's a big network. I  would like to use 802.1x PEAP with MSCHAPv2 for machine authentication. I was doing a little research and it sounds like I won't need to install a certificate on each computer (very nice). The ACS will require a certificate from a CA however.

So, can I use a private certificate for my ACS box? Buying a public certificate is way too expensive and this is not a public service. The client will look for some kind of root authority so that's why I'm wondering...

Here is the link where I found all this info:

http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

Also- fyi, I want to use this for wired, not wireless as shown in example using Cisco 2950 switches (I can handle the switch setup).
0
Comment
Question by:mikesparker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
RonCharette earned 125 total points
ID: 12134127

Mike,
All you would need to do is create your own root authority.  As this is a large network, pick a server to house your root CA and go to town.  An example of a Root CA setup is at:

http://www.microsoft.com/technet/prodtechnol/winntas/maintain/security/hier3.mspx#EDAA

Hope this helps!
Ron Charette
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
A hard and fast method for reducing Active Directory Administrators members.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question