Description

Certificate-based client authentication is used in EAP-TLS environments. An advantage of using EAP-TLS is the openness of the standard, wide vendor support, and high security. Authorization is performed after authentication, when the identity of the client is already established. The authorization attributes that are sent via RADIUS to the network access devices are first configured in the ISE as authorization profiles. In this course, you will learn about certificate-based client authentication. You will also explore Cisco Identity Services Engine (ISE) authorization including how the Cisco ISE performs authorization to assign privileges to client sessions, the use of downloadable ACLs as authorization policy elements, and how Cisco ISE authorization policy rules are used to match conditions and apply authorization profiles.