- last edited on
In this article, I will explain how to use external CA provided certificates for Wired 802.1x authentication with Cloudpath ES.
Below devices used for testing the behavior.
Cloudpath end Setup (This is the most important part of configuration, without this config Cloudpath will not accept external CA authentication)
Certificate Authority>>> Manage Templates>>>Add Certificate Template
>>>Select Use a Custom external Certificate Authority and click Next
>>>Fill/Check in the information marked in yellow and click Save.
Configuration Workflow (This is only required to map the external certificate template created in the above step, not required as exact)
Configuration>>> Workflows>>>Add Workflows
>>>Fill in the details and click Save
>>>External CA should be mapped in the workflow and published.(Important)
Switch end Setup
>>>Switch with below configuration will be enough for 802.1x authentication flow.(example as below)
Text in bold are variables
ICX7450-48P(config)#vlan XXICX7450-48P(config)#aaa authentication dot1x default radiusICX7450-48P(config)#radius-server host 10.177.X.X auth-port 1812 acct-port 1813 default key 2 sdklhfsdh dot1x
ICX7450-48P(config)#authenticationICX7450-48P(config-authen)#auth-default-vlan XXICX7450-48P(config-authen)#re-authenticationICX7450-48P(config-authen)#dot1x enableICX7450-48P(config-authen)#dot1x enable ethe 1/1/1ICX7450-48P(config-authen)#dot1x port-control auto ethe 1/1/1
Client end Setup (This can be achieved with Group Policy from AD, here we are doing for single client), Group policy setup not covered here.
NOTE: It is considered that Certificate provided by External CA is already installed in the computer/user under Personal and Trusted Root, as shown below.
Trusted Root CA
Open Run from Windows Client Machine.
>>>Search for services.msc
>>>In the services Search for Wired.conf and click on Start the service.
>>>Once service is started, in RUN type ncpa.cpl
>>>Select Ethernet interface , right click and select Properties
>>>Select Ethernet properties , click on Authentication.
Select the details as below
>>>Click on Setting(above image)
>>>Click on Advanced Settings(above image)