Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
6
Replies

ISE and machine authentication

nicanor00
Level 1
Level 1

‎09-17-2013 08:59 AM - edited ‎03-10-2019 08:54 PM

Hi

I have ISE 1.1  : user authentication is working fine

Now I need to implement machine authentication

But I have 2 requirement

1- User must remove and plug his network cable as he want (without close windows session or restart his computer) and his computer should be authenticated evry time as with user authentication

2- I must not install any software or client applicatin on the computer

Is there any method of machine authentication that respect thise 2 requirements above

Regards

Labels:
0 Helpful
6 Replies 6

Jatin Katyal
Cisco Employee
Cisco Employee

‎09-17-2013 09:44 AM

So are you looking for ONLY machine authentication or you want machine to be authenticated first place followed by a user authentication.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

nicanor00
Level 1
Level 1
In response to Jatin Katyal

‎09-17-2013 10:17 AM

Yes I want machine to be authenticated first place followed by a user authentication

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to nicanor00

‎09-17-2013 10:23 AM

I guess you need to review the below listed thread as we are discussing the same thing. You have to create an authorization rule highlighted in the screen shot.

https://supportforums.cisco.com/message/4044276#4044276

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

harvisin
Level 3
Level 3

‎09-17-2013 10:41 AM

Hello,

The link below will definetely help you out:-

https://supportforums.cisco.com/docs/DOC-21825

0 Helpful

rikkoenig
Level 1
Level 1

‎09-17-2013 11:52 AM

Best way would be to run a MS CA, use GPO to push certs to the computers and set up the local supplicant (again via GPO) to use EAP TLS. It's not bad if you're all Win7. If you have some XP machines, a separate policy will be required.

We did this and it ran pretty well, for both wired and wireless.

0 Helpful

kaaftab
Level 4
Level 4

‎09-17-2013 05:51 PM

Kindly check the following link for MAB configuration and working

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008087ad6f.pdf

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents