cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3059
Views
20
Helpful
5
Replies

MAC authentication and username/password

MrBeginner
Enthusiast
Enthusiast

Hi ,

I would like to ask about ISE.

can i do MAC authentication and username password or certification together in ISE ?

I mean our device firstly use MAC authentication and MAC is correct check the username and password or certificate. is it possible ?

I would like to do not only MAC authentication but also username password authentication.

1 Accepted Solution

Accepted Solutions

thomas
Cisco Employee
Cisco Employee

You may do MAC Authentication (MAB) OR you may do 802.1X (with a username+password or certificate).

These are 2 different methods and you cannot mix them.

802.1X authentication is superior to MAB because a MAC address may be spoofed, the user may have more than one device, or the device may randomize it's MAC address.

If you want to tie an authentication to a specific endpoint, you should use endpoint certificates with 802.1X.

View solution in original post

5 Replies 5

marce1000
VIP Mentor VIP Mentor
VIP Mentor

 

 - Normally it is not done that way, supplicant/dot1x protocols offer username based certification which is also much stronger , if it  is implemented (mac addresses may be forged).

 M.

MHM Cisco World
Advisor
Advisor