Is it possible to do use TEAP / EAP Chaining within ISE when using only the certificates as a check? Basically, just check cert is trusted and no other checks are done. Can the user and machine cert be chained using just this check?
@GRANT3779 yes, you can just check the certificates are valid and use EAP Chaining. You don't need to perform additional checks, such as lookup to an external ID source (i.e., AD).
@GRANT3779 yes, you can just check the certificates are valid and use EAP Chaining. You don't need to perform additional checks, such as lookup to an external ID source (i.e., AD).
I guess one last question would be around the authentication policy. For the "user not found" option would this need to be set to continue rather than reject (or whatever it says)?
@GRANT3779 I guess it depends on what you wish to achieve in that scenario? You could leave it as reject and have an authorisation rule "User failed and machine succeeded" and grant a level of access (restrict with DACL).
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
