Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
0
Helpful
4
Replies

EAP Chaining with Machine TLS and User PEAP

zma
Level 1
Level 1

‎02-23-2015 05:02 PM - edited ‎03-10-2019 10:29 PM

We are deploying an ISE based .1x. The design is to use eap-tls for machine and eap-peap for user. Apparently EAP-Chaining is recommended, but can anyone confirm if we can do chaining based on machine TLS and user PEAP. I have done some investigation and could not find any supporting document, but not any document saying not supporting either. Looking at Anyconnect profile editor, it does not look like this configuration is supported. Has anyone done this before?

 

Thanks a lot.

Labels:
0 Helpful
4 Replies 4

jan.nielsen
Level 7
Level 7

‎02-24-2015 04:45 AM

Yes, that is possible, i use it at a few different customers.

0 Helpful

zma
Level 1
Level 1
In response to jan.nielsen

‎02-24-2015 02:24 PM

Thanks Jan. Do you have any info or link I can follow?

0 Helpful

jan.nielsen
Level 7
Level 7
In response to zma

‎02-24-2015 03:51 PM

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_80_eapchaining_deployment.pdf

 

Just change the authentication policy to allow the methods you want to use under eap-fast (eap-chaining) and use the same ones in your nam client configuration settings.

 

 

0 Helpful

zma
Level 1
Level 1
In response to jan.nielsen

‎02-24-2015 04:19 PM

Thanks again. I have had another look at profile editor, it is configurable. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents