I would like to ask about ISE.
can i do MAC authentication and username password or certification together in ISE ?
I mean our device firstly use MAC authentication and MAC is correct check the username and password or certificate. is it possible ?
I would like to do not only MAC authentication but also username password authentication.
Go to Solution.
You may do MAC Authentication (MAB) OR you may do 802.1X (with a username+password or certificate).
These are 2 different methods and you cannot mix them.
802.1X authentication is superior to MAB because a MAC address may be spoofed, the user may have more than one device, or the device may randomize it's MAC address.
If you want to tie an authentication to a specific endpoint, you should use endpoint certificates with 802.1X.
View solution in original post
- Normally it is not done that way, supplicant/dot1x protocols offer username based certification which is also much stronger , if it is implemented (mac addresses may be forged).