12-03-2020 04:18 AM
Hi Experts,
Currently facing an issue with machine authentication and user authentication.
I have a basic understanding of the whole authentication process, and I am not using EAP-Chaining or TEAP, just simple MAR on ISE.
So my question is: once my computer is plugged into the wired network and before the user logs in to Windows, I should have machine authentication. So if my authentication passes, let's say ISE just assigns me to a VLAN where I have access to the AD, so I get an IP address. Is my understanding correct?
After I enter my user credentials and Windows uses them to access the wired network, I get another profile from ISE and my PC is assigned to another VLAN. During this time, will my PC's IP address refresh by itself? (Not like the posture module configuration that will have a VLAN detection feature haha)
The policy set I designed is like:
1st Rule:
iselabin.local:ExternalGroups==Domain Computers
With the 1st rule, the machine will get authorized access when the machine boots up (before the user enters his credentials).
2nd Rule:
Network Access:WasMachineAuthenticated ==True
AND
iselabin.local:ExternalGroups==Domain Users
Thanks a lot in advance for the help and looking forward to any feedback!
12-21-2020 10:24 AM
You are correct, Rayyyy, this should work fine.
12-03-2020 11:27 PM
Hi folks,
I see this configuration on the Windows PC. I suppose it can change VLAN after the user logs in and the machine has already authenticated successfully.
Thanks
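Added example, not part of the thread and not ISE code: a simplified Python model of the two rules in the original post, showing when the second rule stops matching. It assumes MAR tracks machine authentication in a cache keyed by the endpoint's MAC address (Calling-Station-ID) that ages out; the result names, the default deny, and the aging value are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class MarCache:
    """Model of the MAR cache: MAC address -> time of last machine auth."""
    aging: int = 3600  # seconds; constructed value, configurable in a real deployment
    entries: dict = field(default_factory=dict)

    def record(self, mac, now):
        self.entries[mac.lower()] = now

    def was_machine_authenticated(self, mac, now):
        seen = self.entries.get(mac.lower())
        return seen is not None and now - seen <= self.aging


def authorize(cache, mac, ad_groups, now):
    """Evaluate the two rules top-down; the first match wins."""
    # 1st rule: ExternalGroups == Domain Computers (machine authentication).
    # A successful machine authentication is what populates the cache.
    if "Domain Computers" in ad_groups:
        cache.record(mac, now)
        return "MACHINE_VLAN"  # hypothetical result name
    # 2nd rule: WasMachineAuthenticated == True AND ExternalGroups == Domain Users.
    if "Domain Users" in ad_groups and cache.was_machine_authenticated(mac, now):
        return "USER_VLAN"  # hypothetical result name
    return "DENY"  # assumed default rule


def demo():
    """Run constructed scenarios against one cache and return the outcomes."""
    cache = MarCache(aging=3600)
    wired, other = "AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"  # constructed MACs
    return {
        "user before machine auth": authorize(cache, wired, {"Domain Users"}, 0),
        "machine auth at boot": authorize(cache, wired, {"Domain Computers"}, 10),
        "user login on same port": authorize(cache, wired, {"Domain Users"}, 600),
        "same user, different adapter": authorize(cache, other, {"Domain Users"}, 600),
        "user re-auth after aging": authorize(cache, wired, {"Domain Users"}, 3700),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:32} -> {result}")
```

The last two scenarios are the cases to watch with plain MAR: a user authentication from a MAC that never did machine authentication, or one that arrives after the cache entry has aged out, falls through to the default rule.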