<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: 802.1x machine authentication in Network Access Control</title>
    <link>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391939#M5906</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Would you share your config.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;&lt;P&gt;      Bo&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Thu, 28 Oct 2004 11:30:03 GMT</pubDate>
    <dc:creator>concue</dc:creator>
    <dc:date>2004-10-28T11:30:03Z</dc:date>
    <item>
      <title>802.1x machine authentication</title>
      <link>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391937#M5904</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;in an environment where we have a catalyst Switch, an ACS Server and a Win2000 or XP Client, is it possible to set up 802.1x machine authentication without client being part of a ADS ?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;is it possible to do machine authentication only with certificates (EAP TLS) ? &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;Dirk&lt;/P&gt;</description>
      <pubDate>Fri, 21 Feb 2020 18:11:29 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391937#M5904</guid>
      <dc:creator>dhellmuth</dc:creator>
      <dc:date>2020-02-21T18:11:29Z</dc:date>
    </item>
    <item>
      <title>Re: 802.1x machine authentication</title>
      <link>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391938#M5905</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hey Dirk -&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I've done machine authentication with 802.1x with ACS only.  The switch determined the computer's name and sent it to the ACS server and the ACS server accepted the machine name and placed the port in the correct vlan.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I can't help with your 2nd question; hopefully someone else can address it.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;thanks&lt;/P&gt;&lt;P&gt;peter&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 28 Oct 2004 01:50:43 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391938#M5905</guid>
      <dc:creator>pcomeaux</dc:creator>
      <dc:date>2004-10-28T01:50:43Z</dc:date>
    </item>
    <item>
      <title>Re: 802.1x machine authentication</title>
      <link>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391939#M5906</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Would you share your config.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;&lt;P&gt;      Bo&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 28 Oct 2004 11:30:03 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391939#M5906</guid>
      <dc:creator>concue</dc:creator>
      <dc:date>2004-10-28T11:30:03Z</dc:date>
    </item>
    <item>
      <title>Re: 802.1x machine authentication</title>
      <link>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391940#M5907</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I believe you're talking Active Directory, right?&lt;/P&gt;&lt;P&gt;Machine-Authentication is only achievable with an Active Directory backend.&lt;/P&gt;&lt;P&gt;Machine-Authentication is available fron EAP-TLS and PEAP with EAP-MSCHAPv2.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 28 Oct 2004 13:09:11 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391940#M5907</guid>
      <dc:creator>jafrazie</dc:creator>
      <dc:date>2004-10-28T13:09:11Z</dc:date>
    </item>
    <item>
      <title>Re: 802.1x machine authentication</title>
      <link>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391941#M5910</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;we've done some tests yesterday. For ACS without ADS  machine authentication is just like a user authentication, someone provides his name and password/certificate. We created an user account on ACS named "host/&lt;HOSTNAME&gt;" and ACS matched it when machine authentication was provides by the windows client.&lt;/HOSTNAME&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;But there were 2 problems:&lt;/P&gt;&lt;P&gt;- if we're using EAP-TLS, the certificate matching failed because ACS takes the machine name with a leading "host/" as the username and in the CN field of the certificate there is only the machine name.&lt;/P&gt;&lt;P&gt;- if we're using PEAP, we need a password for the ACS user account. The client provides a password that the ADS gave him. Where can i find that password ?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Any comments welcome&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;P&gt;Dirk Hellmuth (CCSP)&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;CONET AG, Germany&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 29 Oct 2004 05:00:35 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391941#M5910</guid>
      <dc:creator>dhellmuth</dc:creator>
      <dc:date>2004-10-29T05:00:35Z</dc:date>
    </item>
    <item>
      <title>Re: 802.1x machine authentication</title>
      <link>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391942#M5913</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Right:&lt;/P&gt;&lt;P&gt;That's why I was assuming you were using AD ;-). As for the password PEAP is using for machine-auth, it's the local system password from AD.&lt;/P&gt;&lt;P&gt;This should help further:&lt;/P&gt;&lt;P&gt;&amp;lt;&lt;A class="jive-link-custom" href="http://download.microsoft.com/download/b/0/e/b0e2a363-0044-4327-8f17-020818f57234/Wired_depl.doc" target="_blank"&gt;http://download.microsoft.com/download/b/0/e/b0e2a363-0044-4327-8f17-020818f57234/Wired_depl.doc&lt;/A&gt;&amp;gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 29 Oct 2004 05:34:40 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-access-control/802-1x-machine-authentication/m-p/391942#M5913</guid>
      <dc:creator>jafrazie</dc:creator>
      <dc:date>2004-10-29T05:34:40Z</dc:date>
    </item>
  </channel>
</rss>

