11-25-2013 04:35 AM - edited 03-10-2019 09:07 PM
We're in the process of completing our ISE deployment for Wireless but are having some issues with authentication combinations and not sure of which are possible or not.We would like to perform workstation auth based certificate authentication with Microsoft domain credentials authentication, a so called dual authentication using cert and username/password.
Is this possible using the Microsoft WIndows default supplicant?
05-19-2014 02:44 AM
refer
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_auth_pol.html
05-19-2014 09:42 AM
is this what you are looking for EAP Chaining which uses a machine certificate or a machine username / password locked to the device through the Microsoft domain enrollment process. When the device boots, it is authenticated to the network using 802.1X. When the user logs onto the device, the session information from the machine authentication and the user credentials are sent up to the network as part of the same user authentication. The combination of the two indicates that the device belongs to the corporation and the user is an employee.
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide