ACS and CA in a wireless environment

When setting up an ACS server to work with a CA to authenticate wireless clients via machine authentication, does the CA need to be an Enterprise CA or can I do it with a standalone CA?
Note that for machine authentication, I need to push down group policies to the wireless machines on the Active Directory.

Machine authentication will only work with an Enterprise certificate, as auto-enrollment is mandatory for the machine authentication to take place.

Similar Messages

  • Difference between ACS and ISE

    What is the big difference between the ACS and the ISE? We just purchased an ACS server to start locking down ports on our switches and use the Radius functions to better secure our wireless environment. It has been ordered but not yet arrived. I had a discussion with management today about preventing the IPads / IPhones / Smartphones / etc. of the world from accessing the network. If the user knows the credentials for getting their laptop onto the network then they can use these same credentials to get their IPad on the network. How do we detect and prevent is the current question.
    In discussing with others the ISE comes up. The questions now become what is the big difference between this and the ACS. Do they work together or independently since they both seem to have "radius on steroids". Can I configure the ACS to do the same functions? I figure this will have to be something on a MAC address level anyway. Oh and one other thing. My wireless infrastructure is not Cisco.
    Off to continue the research path ....
    Brent

    To put it simply I usually say ACS = RADIUS, ISE = NAC.
    ISE will do RADIUS functions as well as NAC functions. Eventually you'll probably see ACS go away and be simply replaced by ISE.
    ISE will do posturizing and profiling of a device to see if it truly meets requirements to be on a certain VLAN. For your example if you were to my credentials on my own smart device I would have access. ISE could profile this device to see if it truly is a corporate owned device or not. If it wasn't ISE can switch the network that the device connects to, say a guest network.
    ISE can also do captive web portals for wired/wireless guest access.
    I wouldn't rely on any type of MAC address authentication as I can easily spoof that.

  • ACS and Windows Domain / AD

    Hi All,
    In my environment there are two Windows Domains - Domain A and B. ACS is configured on a member server in domain B and hence Windows Authentication for users in Domain B is working fine. However I'm unable to see domain A in Configure Domain List on ACS server in Windows Domain configuration menu.
    Please note, there is one way trust between domain A and B with Domain A trusting Domain B.
    Is there a way I can use the same instance of ACS to authenticate the users in Domain A as well? If YES, can you please guide me with some pointers - thanks.
    I'm using ACS and Windows AD elements to authenticate users for SSL Web VPN on ASA 5540.
    Appreciate quick help on this.
    -Satishcp

    Unfortunately we are not using the Cisco Secure ACS Appliances, rather it's ACS Ver 3.3 running on Windows 2000 Server (member server in Domain B).
    My guess Remote Agents for Windows / Solaris works with Appliances alone.

  • JMS in Wireless environment

    Hi,
    I am considering using JMS as means of sending messages between back office applications
    and mobile devices. Wireless comms will be over GSM/GPRS network and the idea of
    using JMS is to provide a nice abstraction layer between mobile comms and all applications.
    Messages will originate from both mobile and server side apps.
    Ideally I do not want to have to write the comms layer for use over GSM/GPRS. Broadbeam
    provide JAVA based layer, but I would prefer if everything is integrated within
    one service.
    So does anybody out there have any experiences with Softwired-inc's iBus//Mobile
    middleware and Weblogic? Are there any alternative solutions people have developed
    and use in real life ?!
    Thanks
    Nick

    Hi,
    Wondering if anybody out there has any experience
    with using JMS in a wireless environment.
    I am asking because I am interested in using JMS as
    means of abstracting mobile network communication
    complexities from my application. Basically messages
    to and from mobile device going via a JMS
    environment. Messages are queued until the mobile
    device gains connectivity with the network.
    I have seen that softwired-inc.com have such an
    implementation. IBMs MQseries Everywhere is the
    another possibility. Is there anything else similar
    out there
    Thanks
    Nick

    Hi Nick,
    Our product, Nirvana, offers wireless device support. Nirvana provides 2 solutions, an ultra light J2ME client package as well as its standard distribution. The standard Nirvana distribution, including both server and client components, runs on Java platforms from Personal Java through to the latest J2EE environments.
    Servers running within the Personal Java environment are easily managed and integrated into larger corporate Nirvana implementations. Resources ( topics etc. ) can be transparently joined between mobile devices and Nirvana instances running within data centers. The joins support content based filtering ensuring that only data required by the mobile user is delivered.
    From a client perspective both Nirvana's ultra light J2ME client and its standard implementation support server side filtering, again ensuring that only data required is delivered to a mobile community.
    Regards,
    Paul Brant
    my-Channels - Technologies working together
    http://www.my-channels.com/

  • Wireless Environment Sizing

    Hi,
    is there a way to size a wireless environment (e.g. a doc containing parameters like range or something), related to AIR-LAP1242AG-E-K9, or AIR-LAP1131AG-E-K9, in order to make a proposal to our customer. I have to know how many APs I need to cover the office.
    Thanks,
    Alessandro

    Some vendors are relying on CAPWAP or LWAPP sizing tools alone to determine AP placement. But I would say that there is not one tool alone or a single sizing guideline to use.
    A general rule of thumb is listed below. But be careful. This is not a substitute for a site survey. Why? Tools and guidelines cannot take into account RF properties of a building or area or the 802.11 clients. If your customer is firm about not purchasing a site survey, you may want to cover yourself by stipulating that any area that is not adequately covered or where issues arise will have to be investigated with a site survey tool and visual inspection to determine proper AP placement for throughput and coverage for the application. (Site survey after the fact). If voice is involved, look at the manufacturer's transmitter and radio capabilities in the client itself. This may dictate much of the design if voice coverage is needed everywhere. Some voice vendors have a very weak transmitter in the voice (802.11) device and it gets even weaker when the battery is at half battery power or lower. This means that while the APs can transmit adequately to the client, the client cannot transmit back in the coverage area. This can prove challenging without a site survey. Use the actual clients that your customer will use to test with and survey or use a site survey tool that allows you to adjust the transmit power.
    If you must go in blind - (wouldn't recommend it - but sometimes you must because of customer requirements)
    1 AP per 2000 sq feet - EXTREMELY SAFE VOICE and DATA
    1 AP per 3000 sq feet - VERY SAFE FOR DATA and VOICE
    1 AP per 3500 sq feet - SAFE FOR DATA and SOME VOICE
    1 AP per 4000 sq feet - AGGRESSIVE DATA ONLY
    1 AP per 5000 sq feet - DATA ONLY

  • Securing an Open Wireless Environment

    Hello everyone,
    Can anyone give me some ideas on securing a wireless environment in a hotel?  The SSID has to be broadcast of course but how can we protect guests from man in the middle attacks, etc.?  Currently the environment is all AP1200s with no hardware upgrades in the near future.  There is also a 2811 router in place but nothing else.  We would love to be able to force users to authenticate with a password in order to get out to the Internet as well.
    Thanks in advance!  All replies rated.

    It all completely depends.
    Guest access will give you username and password based authentication to get out but typically is still over an open WLAN; anyone using an open WLAN should be using VPNs anyway. If that's explained in the acceptable use policy on your splash page then great.
    Pre shared keys may help but how often do you want to change them.
    Personally all hotels should provide free wireless and I would suggest just capturing the clients email details and using a pre shared key to keep it simple.

  • Integrating AirPort Extremes into a Cisco Wireless Environment

    Greetings,
    We've recently moved into a new facility and have a Cisco 4400 Wireless LAN Controller with 1242 LWAPPs. We have a few Airport Extremes from our old location and would like to try and incorporate them into this new wireless environment. I would think that the preferred solution would be for the AP Extremes to function as LWAPPs. Failing that, is there a way to integrate them in?
    Thanks.

    Frank810, Welcome to the discussion area!
    I have never heard of that term before but according to Wikipedia LWAPP is the name of a protocol that can control multiple Wi-Fi wireless access points at once.
    Unfortunately I doubt that it works with any of Apple's base stations. You must use AirPort Utility to control/administer Apple's base stations.

  • I am unable to stream Netflix to my Iphone or Apple TV, from my wireless router . . . even though I am able to watch Netflix on my WII (also wireless) and desktop computer (not wireless).

    I am unable to stream Netflix to my Iphone or Apple TV, from my wireless router . . . even though I am able to watch Netflix on my WII (also wireless) and desktop computer (not wireless).
    On the Iphone and Apple TV I can connect to Netflix . . . it recognizes me and my account settings . . . and I can view all my recent programs and show titles, descriptions, etc..  But when I select one to watch I get a message saying:
    "ERROR A PROBLEM OCCURED WHILE PLAYING THIS ITEM. TRY AGAIN LATER, OR SELECT A DIFFERENT ITEM. GO TO WWW.NETFLIX.COM/SUPPORT FOR MORE INFORMATION. (139)"
    Netflix support say there is nothing wrong on their end . . . that it is an Apple issue.  They see the request for the show, the devices are registered . . . but it shows 0 bandwidth to the device.
    My Apple TV did this when I first hooked it up a couple of weeks ago.  Then after a few days started working with Netflix, for no apparent change . . . now doesn't again for the past couple of days (I think that it auto restarted the other night after a virus scan).
    Very frustrating, and driving me nuts!  Has anyone else had and been able to resolve this problem?

    Troubleshooting
    Apple TV2 update one day and netflix is browsing but not launching the actual content (error 139)
    Ipad2 (another ios device) forces me to update netflix if I want to use it and I get the same error 139 on it.
    **** now I have two not ways not working where prior to some update it was fine.
    Nintendo Wii is still working ( mind you running an ancient version of netflix )  Dusted the Wii off and gave it to the kids use.  Now they are happy again...
    PC is also still working ( using some other flash client ) but that's just of interest, we're not going to be watching tv with that.
    My wife's iphone 4s is still working.  Odd.. still ios but for some reason I am not forced to update the version. So basically she could mirror stream up to the apple tv with it.  Nice feature of Ios5.  Later found out it is using 1.4 version of netflix.  The most useful thing out of that is that all 3 of the devices are Ios and it was actually the iphone with the 1.4 version of netflix that still worked!
    I heard from a friend who was on a different ISP he was still working so I took my appletv2 and ipad2 over to my brothers house who is on that same ISP as my friend and both started working.  So the ISP is involved too!
    Brought the appletv2 and ipad2 back to my house hoping it would maybe still work.  No dice   Broken again.
    Searched the appstore for a decent packet analyzer and there isn't really anything.  I was able to sniff the traffic with my PC and also on my juniper ssg5 confirmed that.  Turns out port 80 traffic is actually failing and authorization is not happening.  The other clients do not do this...
    Asked a buddy from work who used to work at the ISP if he could make a call to some one who might actually know what is going on.  He came back pretty quick and said yea they are trying really hard to get the beta patch in from Bluecoat asap. 
    So knowing that it was actually Netflix that changed when it hit 2.0 and in my case the ISP made the adjustment it's pretty safe to say this issue is going to be ongoing unless netflix changes again the way they authorize for licenses.
    So that's the summary of what went right down the troubleshooting path but I'll tell you what didn't
    2 calls to Netflix (useless... waste of time... they are too quick to blame anyone but themselves)
    1 call to apple support (support call was going to cost more than it cost for me to change ISPs)
    2 calls to ISP (through the normal means - regular support number)
    So why is this intermittently working sometimes?  If you are lucky enough to authorize to an IP address that is not cached then voila you are going to get an authorization / a license to watch the show.  Some people report after defribulating their appletv (resetting, rebooting, dns changes, you name it) they get it working.  Over the past month we all seem to have got it working for some period of time only to lose it a day to two later.
    It's now been several days since the beta patch to the bluecoat and 4 of us who have been communicating on the issue appear to be online all at the same time for those several days and that is a good sign that we might be out of the woods on the issue.
    Hope this turns into something helpful for someone else out there.

  • HT4191 iPhone Local Storage "My iPhone" - How do you create this folder for use by the Notes app on a iPhone or iPad?  If I want to keep some notes only on my device and not in a cloud environment associated with an e-mail account.

    iPhone Local Storage "My iPhone" - How do you create this folder for use by the Notes app on a iPhone or iPad?  If I want to keep some notes only on my device and not in a cloud environment associated with an e-mail account.  I've seen reference to the  "My iPhone" local storage put no mention on how you create this folder or access this folder within the Notes app.  I realize storing information in a local storage like this provides no syncing between other iDevices but that is exactly what I'm looking for.  I'm running iOS7.0.4 on a iPhone 5S, and a iPad Air.  Any help would be greatly appreciated.

    If you go to Settings > Notes > Default Account you will see "On My iPhone" as the default account and the only choice if you have not enabled syncing Notes in Settings >iCloud or Settings > Mail, Contacts, Calendars. If you have enabled syncing you can still select "On My iPhone" as the default account. When you are in the Notes app you won't see any accounts listed if you have not enabled syncing because they are all in the On My iPhone account and that is the only place possible. It is not a folder that you create.

  • How can I use my time capsule as a time machine backup without using it wirelessly and not as a wireless router?

    How can I use my time capsule as a time machine backup without using it wirelessly and not as a wireless router?

    bzb888 wrote:
    I have a wireless transmitter already, would like to use the capsule just as a back up drive, I tried hooking up from the ethernet port on the imac to the one of the ports on the capsule but then my Wifi would not work. do I hook the cable to the port with the circle or the arrows?
    It is better to have the TC as part of the main network in bridge. You do not need to run wireless.
    If you want to use the TC plugged in by ethernet and still use wireless for internet, that is possible but the setup is rather more complicated.. the computer must not get confused about which device to use as a gateway or dns server.
    See info in this thread on setting this up.
    https://discussions.apple.com/thread/4817218?tstart=30
    I need to add.. a USB drive would be cheaper, faster and more reliable. It is really poor use of a TC.

  • When I try to print from my iPad I see a message "searching for printer" and then "no printer found.".  I have a printer application loaded and it finds my wireless printer.   How do I get the iPad to do the same so I can print from emails, the web, etc?

    When I try to print from my iPad I see a message "searching for printer" and then "no printer found.".  I have a printer application loaded and it finds my wireless printer.   How do I get the iPad to do the same so I can print from emails, the web, etc?  Thanks

    sandrafromsilver spring wrote:
    When I try to print from my iPad I see a message "searching for printer" and then "no printer found.".  I have a printer application loaded and it finds my wireless printer.   How do I get the iPad to do the same so I can print from emails, the web, etc?  Thanks
    Go to the following link:
    http://jaxov.com/2010/11/how-to-enable-airprint-service-on-mac-os-x-10-6-5/

  • Want to Start Backing-Up and Would Like a Wireless Connection

    I will try to explain my question as simple as I can, but my tech knowledge is not the best, so please bear with me. As I said in the heading I would like to start backing up my MBP (something I never have done) and I would like to use a 3.5-4 year-old Airport Extreme I have had for 4 years but never really used it much. I have a new MBP so I would like to understand what some of the basic terms mean first.
    In the dock I have an icon called Time Machine. I saw a device that looked like my Airport Extreme at the Apple Store, but I think the guy said it was called an Apple Capsule. He also said the Apple Capsule can do great back-ups and also "get you up and running on a wireless internet connection." Although I did not check out the costs of all the stuff I would need, I wanted to get an experts guidance on what is what and what I would need to use the program I already have called Time Machine. The Airport Extreme I have is square has several ethernet port ports in the back a WAN port and a light in the front that can turn various colors depending on the status of the Wireless connection.
    I am not sure if the Airport Extreme I have is still OK to use, safe enough, all of that stuff since technology changes so much in a short amount of time. So I was also looking at the LaCie Rugged Hard Disk Triple also 500 GB capacity option and if my 3.5 or 4 year-old Airport Extreme will work just fine use that and the LaCie.
    I am also trying to understand the difference between the icon on my dock called Time Machine, the Time Capsule, and what I would need counting what my MBP came with (The Time Machine for sure).
    I think I got all the basic questions out for starters, and please let me know if you need any additional info.
    I should add when I first connected up the Airport Extreme when I finally got the nerve to call Applecare for help hooking up the Airport Extreme approx 3.5-4 years ago. the lady who was in Canada was very good but the process seemed quite complicated and that could have been because that was the first real complicated set-up I had done using my new MBP at that time. It seemed a lot of the complications came with all the passwords, security questions I had to remember, long numbers, etc. But since I knew nothing about Macs at that time it probably had a lot to do with that.
    I am open for constructive criticisms and help but if you have a need to knock someone down please go elsewhere. I tried my hardest to explain what I need help with and when I decided to come to my favorite place for help, I came hoping I would not get a bunch of put-downs like has happened in the past.
    thanks in advance for your help.

    One2Two wrote:
    I appreciate your help. I understand now that Time Machine is software. What I do not understand is it software to be used with Time Capsule? Another device?
    Apple intends Time Machine to be used to write its backup files to (a) a directly-connected (as via USB or FireWire) external or secondary internal disk or (b) the disk in a Time Capsule. All other configurations are officially unsupported.
    I have not purchased the LaCie device yet. it seemed cool.
    As a Time Machine target drive I imagine that the LaCie drive is fine for a directly-connected drive (option "a" above), but is not recommended for use when connected to a WiFi base station.
    at the time I wrote this post, I had no idea that the Time Capsule was an Airport Extreme too
    Apple doesn't call it that, but except for the disk drive it's functionally equivalent.
    I appreciate your feedback on how to avoid some of the smart *** and mean comments I frequently get. I do not agree with most of what you wrote because although I post a post or Question(s), but I do not ask any specific person to answer or help me.
    True, but that's not my point. When you post a question on a forum such as this, you do so with the hope that someone will reply with useful advice. To do that someone has to read your post to determine what advice to give you. So anyone who has any thought of helping you has to first read your post, which involves a certain commitment of time.
    Frequently I do not get any answers or replies. it is their decision to try and help me or not. If they do not like the way the question(s) is worded or expressed in writing, they do not have to even attempt to answer it. That is what I never understood. The negative criticism would come with their first reply, but I did not even ask any specific person to help me.
    It's hard to comment without seeing your post and the reply, but perhaps those people were just trying to help you (clumsily, perhaps) learn how to write better-behaved posts.
    I do agree with putting too much info. in a post. I do try to keep it clear and concise, but that is very hard for me. So I appreciate your comment about that, because I do think I do have a tendency to write too much at times. I think it is great that there are people who like or want to do this, for whatever reason.

  • How can I get my clock to remain on the correct time when starting bootcamp and windows XP? wireless option is not available.

    How can I get my clock to remain on the correct time when starting bootcamp and windows XP? wireless option is not available.

    Have a look at solutions in here https://discussions.apple.com/message/10689317#10689317
    Regards
    Stefan

  • I have a macbook pro. i have a photosmart 7510. we just bought a new windows tower and the printer works wireless for us, but now the mac does not print anymore wirelessly. i keep getting a message Network host 'HPE93F2A.local.' is busy. what can i do to

    I have a macbook pro. i have a photosmart 7510. we just bought a new windows tower and the printer works wireless for us, but now the mac does not print anymore wirelessly. i keep getting a message Network host 'HPE93F2A.local.' is busy. what can i do to

    it is a windows 8

  • My Ipad did work on my wireless at home and works on other wireless but no longer at home. My IPhone works at home and others can use the wireless Confused that it did work and now does not?

    My Ipad did work on my wireless at home and works on other wireless but no longer at home. My IPhone works at home and others can use the wireless. Confused that it did work and now does not?

    Look at iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
    Additional things to try.
    Turn Off your iPad. Then turn Off the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
    On your iPad go to Settings > General > Reset > Reset network settings and see if that enables you to connect.
     Cheers, Tom
