Hi all,

When you create a NAP policy using the default template present in ACS, the following options are selected by default in the protocol section.

- Allow EAP-FAST
- Allow authenticated in-band PAC provisioning
- Accept client on authenticated provisioning
- Allow Stateless session resume
- Allowed inner methods: EAP-GTC and MSCHAPv2

You can also see another option there, as follows. This option doesn't require the server certificate to be installed on the client, while "Allow authenticated in-band PAC provisioning" requires the server certificate to be installed.

- Allow anonymous in-band PAC provisioning

In NAP L3/L2 IP, which uses PEAP, the ACS certificate is required to be installed on the client, else the handshake would fail.

Let's consider both "Allow anonymous in-band PAC provisioning" and "Allow authenticated in-band PAC provisioning" are selected. Now, will the client expect the server to present the certificate or not? For me, I see NAC L2 802.1x working without server certificate on the client?

Any thoughts?

With regards
Kings
