Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
490
Views
0
Helpful
3
Replies

Do not validate authentication, ISE - Policy

nstr1
Level 1
Level 1

‎03-26-2019 12:38 AM


in my wired network and with the help of an ISE I have authentication with a trusted certificate. Users authenticate to the certificate with a user and password. Once you do loggin you can surf without problem.

 

but I have a doubt there is the possibility that those work stations that do not have the certificate installed ignore the certificate, that is, not authenticate ???

 

Can I do it through a policy in the ISE ???

0 Helpful
3 Replies 3

bern81
Level 1
Level 1

‎03-26-2019 01:17 AM

Hi Nestor,
Can you be more specific plz.
Users authenticate to the certificate with a user and password (I honestly do not get what do you mean).
0 Helpful

nstr1
Level 1
Level 1

‎03-26-2019 08:12 AM


if, in the laptop a certificate is installed, then when the computer starts a pop-up is immediately displayed and authentication is requested and the user must enter a user and password
0 Helpful

bern81
Level 1
Level 1
In response to nstr1

‎03-28-2019 06:07 AM

In that case the certificate is not involved (no eap-tls).

In your case it is PEAP (EAP-MSCHAPv2) which requires user and pass.

you can create an authentication policy to authenticate the username against AD for example.

and in the authorization policy you can specifiy that if the user is part of an AD group example /employees then apply Dacl, vlan ...

0 Helpful
Customers Also Viewed These Support Documents