03-06-2019 11:46 PM
Hi,
For the newer ISE, is it possible to have machine and user certificate-based authentication just using native windows supplicant? Thanks
03-07-2019 02:11 PM
03-07-2019 08:18 PM
@Rob Ingram , How do you instruct the windows native supplicant to have machine and user certificate authentication because all I can see there is "Computer or User Authentication"?
03-08-2019 02:23 AM
So to confirm, the native supplicant can do machine/user authentication, these are 2 independant authentications. If you want to tie these authentications together (EAP-Chaining) then @Mike.Cifelli is correct you'll need EAP-FAST with AnyConnect supplicant.
What exactly are you looking to achieve?
03-08-2019 06:36 AM
Hi @Rob Ingram , yes I want to be successful for both machine and user cert authentication before getting an access to the network. The windows native supplicant cannot do it?
03-08-2019 07:09 AM - edited 03-08-2019 07:10 AM
Ok thanks for clarifying. The only other option (that I am aware of) is using MAR. This will combine both machine and user authentications. This useful link provides the pros and cons of using MAR, pay attention to MAR and Wired-wireless Switching section. I find this one of the main reasons not to use MAR.
HTH
03-08-2019 09:02 AM
Hi @Rob Ingram , thanks for providing the links and that section. I think it is not recommended to that in our environment much better if I advised my team to use NAM.
Using this NAM does not have any license dependencies right?
03-08-2019 09:17 AM
Hi,
Yes, use NAM would be recommended.
Nothing is ever free, AnyConnect licensing info here. Best you contact your Account Manager for further information.
HTH
04-04-2019 07:03 AM
Hi @Rob Ingram ,
I scrap the machine and user authentication design in my environment and I will be doing now just machine authentication.
Doing this kind of method, do I still need to reboot my machine every time I transfer connection from wired to wireless and vice versa?
Thanks
03-08-2019 09:06 AM
03-08-2019 09:09 AM
hi @Mike.Cifelli ,
If I use NAM module, there is no dependencies for the licensing right, this module is free? Also, if I use it then in a scenario of if my endpoint goes to sleep or goes for a logoff, does it still do machine and user authentication upon logging in or I still need to reboot my machine to initiate the machine authentication?
thanks
03-08-2019 09:21 AM
03-07-2019 05:11 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide