05-26-2021 01:40 AM
Hi,
We have a customer that currently is running with Anyconnect NAM for EAP chaining, using machine cert and user/pass.
All that is working fine with ISE.
Now the customer is very interested in using Windows Hello to login on their PCs, which presents a challenge as NAM no longer can get a username to pass for authentication.
Has anyone tried Windows Hello combined with ISE?
Will EAP chaining using NAM be the way to go, or will TEAP be a better way to solve this.
Any input is welcome.
Solved! Go to Solution.
05-26-2021 05:36 AM
Will EAP chaining using NAM be the way to go, or will TEAP be a better way to solve this.
-Not sure, but if switching to TEAP you should know that there are minimum reqs for Win and ISE versions in order to support TEAP. This should help: Using TEAP for EAP Chaining – Cisco ISE Tips, Tricks, and Lessons Learned (ise-support.com)
05-26-2021 06:39 AM
Windows Hello offer 2 types of underlying credentials : certificates or key pair.
For 802.1X, only certificates can be passed from the supplicant to ISE for authentication.
05-26-2021 05:36 AM
Will EAP chaining using NAM be the way to go, or will TEAP be a better way to solve this.
-Not sure, but if switching to TEAP you should know that there are minimum reqs for Win and ISE versions in order to support TEAP. This should help: Using TEAP for EAP Chaining – Cisco ISE Tips, Tricks, and Lessons Learned (ise-support.com)
05-26-2021 06:39 AM
Windows Hello offer 2 types of underlying credentials : certificates or key pair.
For 802.1X, only certificates can be passed from the supplicant to ISE for authentication.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide