This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hi to everyone,
We have ISE 2.4 deployed as Radius server for Windows clients in Wired and Wireless 802.1X authentication working with no problems for more than 1 year. We are using EAP-FAST with EAP-Chaining and MSCHAPv2 for user and machine authentication and NAM client.
Now we have new MacOS Laptops in the company and we want to authenticate them using the same protocols and Policies that we use for our Windows clients, we confirmed that NAM is not supported for MacOS .Is it possible to use the same policies and protocols that we use for windows in our MacOS clients using the native MacOS 802.1X client.? We don't have much experience with MacOS so if you have any guide to configure the MacOS native 802.1X client I would really appreciate it.
Solved! Go to Solution.
See a related conversation here:
https://community.cisco.com/t5/network-access-control/machine-user-auth-for-mac-osx/td-p/3471203
EAP Chaining with NAM technically uses EAP-FASTv2 which is Cisco proprietary and only available via the NAM client, which is not supported in OSX. To perform EAP Chaining on OSX, you will need to wait until Apple supports TEAP (RFC 7170) in their native supplicant for standards-based EAP Chaining and use ISE version 2.7 or later.
All current versions of OSX use Network Profiles (in XML format) for configuring 802.1x and the necessary certificates. Most large customers use JAMF Pro or some other MDM to create and deploy the necessary Profiles, enrol the certificates, etc. OSX does not have native capability to join an AD domain either, so you would typically rely on either PEAP-MSCHAPv2 user authentication or EAP-TLS with system and/or user certificates.
See a related conversation here:
https://community.cisco.com/t5/network-access-control/machine-user-auth-for-mac-osx/td-p/3471203
EAP Chaining with NAM technically uses EAP-FASTv2 which is Cisco proprietary and only available via the NAM client, which is not supported in OSX. To perform EAP Chaining on OSX, you will need to wait until Apple supports TEAP (RFC 7170) in their native supplicant for standards-based EAP Chaining and use ISE version 2.7 or later.
All current versions of OSX use Network Profiles (in XML format) for configuring 802.1x and the necessary certificates. Most large customers use JAMF Pro or some other MDM to create and deploy the necessary Profiles, enrol the certificates, etc. OSX does not have native capability to join an AD domain either, so you would typically rely on either PEAP-MSCHAPv2 user authentication or EAP-TLS with system and/or user certificates.