We are working on a couple of lab experiments with layer-2 NAC. We have a W2K3 set of servers. One is the AD, one an enterprise CA (MS), and one is a 4.1 Cisco ACS. I think the switches are 3600s. We are currently using the XP SP2 Microsoft supplicant. I have the AD passing the computer cert to the clients and the ACS authorizes the clients. But, if I add the Certificate Revocation List to the ACS parameters, the ACS will no longer work right (switch shows Unauthorized). The certs are valid and passed until we turned on CRL. We turned on CRL because the ACS caches the certs and if they get revoked, the ACS still thinks they are valid.
We are just starting to work it with Cisco, but I wanted to see if there was another opinion on what might be the issue. I had to use the URL to get the CRL in the settings for ACS.