Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1909
Views
0
Helpful
1
Replies

External laptop with their own EAP-TLS configuration

Go to solution
REJR77
Level 1
Level 1

‎04-07-2021 08:45 AM

Hi,

Our ISE is setup to authenticate our machines and users (EAP-TLS) with the default windows supplicant.

 

Sometines we have external partners that come to our network and we would like to allow them to access the network (wired). 

 

Is it possible to allow them to the network even if they already have another EAP-TLS configuration for their corporate network? (they won't trust our ISE...)

 

Of course the EAP-TLS will fail but how can we still allow them access the netowrk through MAB or Webredirect?

 

Thanks

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-08-2021 05:40 AM

IMO you have a couple of options here.  You could rely on mab as you mentioned, but the trick here would be getting the "approved" external laptops into a mab group and enabling it on your NADs.  You could add macs via some sort of manual way or possibly utilize the guest/sponsor portal solutions.  This really depends on your requirements and/or what is feasible for you in your environment.  I would suggest taking a peek at the following:

Guest/BYOD sections: Cisco ISE & NAC Resources - Cisco Community

Sponsor Portal User Guide for Cisco Identity Services Engine, Release 2.7 - Sponsor Portal Users Guide [Cisco Identity Services Engine] - Cisco

HTH!

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-08-2021 05:40 AM

IMO you have a couple of options here.  You could rely on mab as you mentioned, but the trick here would be getting the "approved" external laptops into a mab group and enabling it on your NADs.  You could add macs via some sort of manual way or possibly utilize the guest/sponsor portal solutions.  This really depends on your requirements and/or what is feasible for you in your environment.  I would suggest taking a peek at the following:

Guest/BYOD sections: Cisco ISE & NAC Resources - Cisco Community

Sponsor Portal User Guide for Cisco Identity Services Engine, Release 2.7 - Sponsor Portal Users Guide [Cisco Identity Services Engine] - Cisco

HTH!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents