01-14-2020 01:28 PM
Dear All,
can someone please point me a documentation (slides/video/workd) to describe guidelines to implement MAR (
Thanks
Giovanni
Solved! Go to Solution.
01-15-2020 02:45 PM
Hi Giovanni,
MAR is not a configuration in the supplicant, but rather an attempt by the RADIUS server to cache the machine credential and tie that to the user credential for the same MAC address. The only configuration in the Windows supplicant would be to ensure the 802.1x authentication mode is configured for 'User or computer authentication'
That said, MAR has various known issues is not recommended.
I know of many customers that quickly moved away from using MAR as these known issues were causing multiple user experience complaints.
The best option currently available would be to use Cisco AnyConnect NAM and EAP-Chaining.
ISE 2.7 does support EAP-TEAP, but Microsoft has not yet released support for TEAP in the Windows supplicant.
Cheers,
Greg
01-15-2020 02:45 PM
Hi Giovanni,
MAR is not a configuration in the supplicant, but rather an attempt by the RADIUS server to cache the machine credential and tie that to the user credential for the same MAC address. The only configuration in the Windows supplicant would be to ensure the 802.1x authentication mode is configured for 'User or computer authentication'
That said, MAR has various known issues is not recommended.
I know of many customers that quickly moved away from using MAR as these known issues were causing multiple user experience complaints.
The best option currently available would be to use Cisco AnyConnect NAM and EAP-Chaining.
ISE 2.7 does support EAP-TEAP, but Microsoft has not yet released support for TEAP in the Windows supplicant.
Cheers,
Greg
01-16-2020 08:04 AM
01-16-2020 12:43 PM
In short, the Windows native supplicant currently only supports EAP types that can send one credential at a time, whereas AC NAM supports EAP-FASTv2 with EAP-Chaining that enables sending both the machine and user credentials in the same message.
Take a look at this article written by one of the Cisco Technical Marketing Engineers.
Machine Authentication and User Authentication
Cheers,
Greg
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide