I'm trying to configure IC-4500 as 802.1X RADIUS against OpenLDAP. Users have Fedora's supplicant.
I think the best method of authentication protocols is EAP-TTLS with PAP. But I'm not sure about the certificate requirements I need.
I think I only need to establish a tunnel between supplicant and IC:
- On IC 4500: server certificate and root CA certificate.
- On supplicants: root CA certificate.
Do you think that is correct? Is there a better way?
Yes, your understanding is correct!
You need to have the root CA and server certificate installed in the IC appliance.
And the trusted server CA needs to be installed in the supplicant machine.
Is it possible to use EAP-TTLS with Cisco L2 switches?
I am monitoring traffic between the Cisco SW and IC and I see nothing. Before, I had this configuration for IAS in the SW and it worked well:
switchport mode access
dot1x port-control auto
Have you configured IC as RADIUS server?
You may check the ip-address and port number configured.
Please attach switch running configuration.
Yes, I think IC-4500 is configured as RADIUS, because before I changed the IAS with IC and it works fine (using MS-CHAP).
But now I need to use IC for Linux users in LDAP... this is the reason to use EAP-TTLS with PAP.
See the configuration attached.
Ok, now it's working... it wasn't a problem of switch configuration.
The problem is in the supplicant: they can't validate the server certificate. For the moment I solved the problem by not validating the server certificate in the supplicant.
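
Added example, not part of the thread: a wpa_supplicant network block for wired EAP-TTLS/PAP that keeps server certificate validation on, with the no-validation form used as the workaround above shown commented out for comparison. With PAP the LDAP password is protected only by the TTLS tunnel, so the supplicant has to authenticate the IC before sending it. It assumes the Fedora supplicant is wpa_supplicant; the file paths, identity, password and server name are placeholders.

```conf
# wpa_supplicant configuration for a wired 802.1X port (added example).
# All paths, names and credentials below are placeholders.
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0                       # wired: no scanning or AP selection

# --- Weak form (the workaround): no ca_cert, so wpa_supplicant does not
# --- verify the server certificate and will open the tunnel to any
# --- authenticator that answers.
# network={
#     key_mgmt=IEEE8021X
#     eap=TTLS
#     phase2="auth=PAP"
#     identity="jdoe"
#     password="CHANGE_ME"
# }

# --- Corrected form: trust only the root CA that issued the IC's server
# --- certificate, and pin the expected server name.
network={
    key_mgmt=IEEE8021X
    eapol_flags=0               # no dynamic WEP keys on a wired port
    eap=TTLS
    phase2="auth=PAP"           # inner method: PAP, checked against LDAP

    # Outer identity is sent in clear before the tunnel exists;
    # keep the real user name inside the tunnel.
    anonymous_identity="anonymous"
    identity="jdoe"
    password="CHANGE_ME"

    # Root CA certificate (PEM) copied to the supplicant machine.
    # Before relying on it, confirm the server certificate chains to it:
    #   openssl verify -CAfile radius-root-ca.pem ic-server-cert.pem
    ca_cert="/etc/pki/tls/certs/radius-root-ca.pem"

    # Must match a dNSName in the IC's server certificate, so another
    # certificate issued by the same CA is not accepted.
    domain_suffix_match="ic.example.com"
}
```

If validation still fails with `ca_cert` set, the usual causes are a root CA file that is not the issuer of the installed server certificate, a missing intermediate in the chain the server presents, or an expired certificate.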