09-17-2013 08:59 AM - edited 03-10-2019 08:54 PM
Hi
I have ISE 1.1 : user authentication is working fine
Now I need to implement machine authentication
But I have 2 requirement
1- User must remove and plug his network cable as he want (without close windows session or restart his computer) and his computer should be authenticated evry time as with user authentication
2- I must not install any software or client applicatin on the computer
Is there any method of machine authentication that respect thise 2 requirements above
Regards
09-17-2013 09:44 AM
So are you looking for ONLY machine authentication or you want machine to be authenticated first place followed by a user authentication.
~BR
Jatin Katyal
**Do rate helpful posts**
09-17-2013 10:17 AM
Yes I want machine to be authenticated first place followed by a user authentication
09-17-2013 10:23 AM
I guess you need to review the below listed thread as we are discussing the same thing. You have to create an authorization rule highlighted in the screen shot.
https://supportforums.cisco.com/message/4044276#4044276
~BR
Jatin Katyal
**Do rate helpful posts**
09-17-2013 10:41 AM
09-17-2013 11:52 AM
Best way would be to run a MS CA, use GPO to push certs to the computers and set up the local supplicant (again via GPO) to use EAP TLS. It's not bad if you're all Win7. If you have some XP machines, a separate policy will be required.
We did this and it ran pretty well, for both wired and wireless.
09-17-2013 05:51 PM
Kindly check the following link for MAB configuration and working
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008087ad6f.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide