Question
A network administrator is currently using Cisco ISE to authenticate devices and users via 802.1X. There is now a need to also authorize devices and users using EAP-TLS. Which two additional components must be configured in Cisco ISE to accomplish this? (Choose two.)
A. Certificate Authentication Profile
B. EAP Authorization Profile
C. Network Device Group
D. Common Name attribute that maps to an identity store
E. Serial Number attribute that maps to a CA Server
Answer
A. Certificate Authentication Profile
D. Common Name attribute that maps to an identity store
Explanation
The correct answers are A and D.
- Certificate Authentication Profile: This profile is used to define the requirements for EAP-TLS authentication. It specifies the type of certificate that is required, the CA server that is used to issue certificates, and the attributes that are extracted from the certificate.
- Common Name attribute that maps to an identity store: This attribute is used to map the Common Name (CN) of the certificate to an identity in an identity store. This allows Cisco ISE to identify the user or device that is connecting using EAP-TLS.
The other options are not required to configure EAP-TLS authorization in Cisco ISE.
- EAP Authorization Profile: This profile is used to define the authorization policies for EAP-TLS. However, it is not required to configure EAP-TLS authentication.
- Network Device Group: This group is used to group devices that are configured to use EAP-TLS authentication. However, it is not required to configure EAP-TLS authentication.
- Serial Number attribute that maps to a CA Server: This attribute is used to map the serial number of the certificate to a CA server. However, it is not required to configure EAP-TLS authentication.
In conclusion, the two additional components that must be configured in Cisco ISE to accomplish EAP-TLS authorization are:
- Certificate Authentication Profile
- Common Name attribute that maps to an identity store
This is a practice question and answer, with a detailed explanation, for the Implementing and Configuring Cisco Identity Services Engine 300-715 SISE certification exam.