Solved: Machine + User authentication / MAR / Timeout

mmisonne · ‎04-13-2013

Hello

I am using ISE 1.1.3.124.

My first question:
I want to know the relation between the attribute "WasMachineAuthenticated"
and the MAR (MAchine access restriction in advanced setting for AD).
Is-it the same or not ?

Once you time out, you need to do machine auth again. What is the timer ?
Using the attribute "WasMachineAuthenticated", is-it the same timer that you configure in MAR ?

My second question:
In a distributed environnement, is the information about machine previously authenticated replicated to all policy node ?
Because, if a swicth has 2 radius-server, we are not sure that it will point everytime to the same server.

Michel Misonne

Tarik Admani · ‎04-13-2013

Hi,

Yes the attribute you a referencing is related to the MAR settings which you pointed out.

The MAR cache is not replicated and I do not know if this is roadmapped because the Anyconnect NAM supplicant now supports EAP-Chaining.

Here is more information about that feature:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html#wp43883

Thanks

Tarik Admani
*Please rate helpful posts*

View solution in original post

Tarik Admani · ‎04-13-2013

Hi,