Re: Anyconnect NAM and Windows Native Supplicant running in parallel

Madura Malwatte · ‎04-22-2020

Has anyone tested or confirm whether Anyconnect NAM and Windows Native Supplicant can run in parallel on a machine? We have some users part of two organisations that use two separate ISE instances. Typical Org A users have NAM on their machines. Typical Org B users have windows supplicant on their machines. For users that go between both, if Anyconnect NAM is configured with profiles to connect to networks in Org A, can we also use a windows native supplicant wireless lan profile in Org B on the same machine?

Mike.Cifelli · ‎04-22-2020

Once you install NAM on a machine regardless of which Org in your scenario NAM will be the primary supplicant. Directly from Cisco docs:
Confusion about the Windows network status task tray icon—Network Access Manager overrides Windows network management. Therefore, after installing the Network Access Manager, you cannot use the network status icon to connect to networks.

Recommended Action Remove the Windows network icon from the task tray by setting Remove the networking icon in a Windows group policy. This setting affects only the tray icon. The user can still create native wireless networks using the Control Panel.

However, I have tested the following and it will work (note that I am not recommending this; simply sharing):
Push native supplicant configs via GPOs to a domain joined Windows box. Install and use NAM based on NAM profile + ISE configuration, uninstall NAM, and still be able to accomplish 8021x auth using the still configured native supplicant as a fallback. Obviously your sec protocols and policies must be set properly for this to work. Anyways, HTH!