Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1084
Views
0
Helpful
2
Replies

Fast switching? Px Grid?

Go to solution
ashvaras
Cisco Employee
Cisco Employee

‎07-21-2017 07:48 AM

HI there!  Im looking for some information that im having trouble finding.  Ive seen discussions on fast switching but it was unsupported with windows 7...im wondering if:

- Do we have any information on how Windows 10 Fast Switching works with ISE as well as Cisco Any Connect.

ALSO:

- Do we have any examples or guides on how reports can be generated out of ISE using pxGrid?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎07-21-2017 10:10 AM

Please ask questions about separate, unrelated topics (fast-user-switching and pxGrid) in separate community questions.

You are referring to Microsoft Windows Fast User Switching "feature".

With Microsoft Windows Fast User Switching the OS sends no notification of a logoff and logon of the user change therefore ISE cannot detect/know about this event and change network authorization accordingly:

In older operating systems, a user was required to log off before another user could log on. As of Windows XP, a user does not have to log off to allow another user to log on. Instead, it is possible for multiple users to log on and switch quickly between their open accounts. This feature is referred to as fast user switching.

If you use AnyConnect NAM for 802.1X authentication, it restricts network authentication to a single user. It will disable this feature to prevent such inconsistency in user login behavior to properly enforce network access per user.

Please see the Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.5  - Cisco for how the NAM Module does Single Sign On “Single User” Enforcement.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
thomas
Cisco Employee
Cisco Employee

‎07-21-2017 10:10 AM

Please ask questions about separate, unrelated topics (fast-user-switching and pxGrid) in separate community questions.

You are referring to Microsoft Windows Fast User Switching "feature".

With Microsoft Windows Fast User Switching the OS sends no notification of a logoff and logon of the user change therefore ISE cannot detect/know about this event and change network authorization accordingly:

In older operating systems, a user was required to log off before another user could log on. As of Windows XP, a user does not have to log off to allow another user to log on. Instead, it is possible for multiple users to log on and switch quickly between their open accounts. This feature is referred to as fast user switching.

If you use AnyConnect NAM for 802.1X authentication, it restricts network authentication to a single user. It will disable this feature to prevent such inconsistency in user login behavior to properly enforce network access per user.

Please see the Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.5  - Cisco for how the NAM Module does Single Sign On “Single User” Enforcement.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎07-21-2017 10:12 AM

802.1X in general is not supported well with fast user switching. CSCud51790 mentioned it not working with AnyConnect NAM.

ISE pxGrid has a live log, which shows us the connection attempts.

0 Helpful
Customers Also Viewed These Support Documents