topic is this what you are looking in Network Access Control

Authentication combinations with ISE 1.2

kevinr002 — Mon, 11 Mar 2019 04:07:46 GMT

We're in the process of completing our ISE deployment for Wireless but are having some issues with authentication combinations and not sure of which are possible or not.We would like to perform workstation auth based certificate authentication with Microsoft domain credentials authentication, a so called dual authentication using cert and username/password.

Is this possible using the Microsoft WIndows default supplicant?

referhttp://www.cisco.com/c

Saurav Lodh — Mon, 19 May 2014 09:44:07 GMT

refer

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_auth_pol.html

is this what you are looking

Venkatesh Attuluri — Mon, 19 May 2014 16:42:59 GMT

is this what you are looking for EAP Chaining which uses a machine certificate or a machine username / password locked to the device through the Microsoft domain enrollment process. When the device boots, it is authenticated to the network using 802.1X. When the user logs onto the device, the session information from the machine authentication and the user credentials are sent up to the network as part of the same user authentication. The combination of the two indicates that the device belongs to the corporation and the user is an employee.

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf