You are absolutely correct. If the certificate for LOCAL-EAP is signed by a CA you trust, you will allow that authentication. For the ACS part or direct to IAS the certificate must be assigned to a valid user account.
/Ralph

2011/9/13 Leigh Jewell <[email protected]>:
> I was doing some testing with local EAP using EAP-TLS with vendor
> certificates. One difference I noticed and wanted to verify is that it
> appears that I didn't need a username for the client in the local database
> to successfully authenticate a client. As long as my CA certificate has
> signed the client certificate and it was valid the client would be
> authenticated.
>
> In contrast when I do EAP-TLS with ACS I must have the username exist either
> in the local database or an external database for it to be authenticated.
>
> Is this the result that other people have got?
>
> Cheers,
> Leigh
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
