01-10-2018 02:20 AM
Hello Team,
I had a query on two-factor authentication on LAN: can this be achieved on LAN? The requirement is to have the following:
- When the user connects his laptop on LAN, he should authenticate using his domain login and he should be prompted for a second factor before he is allowed access to the LAN.
- What is the licensing requirement to achieve this?
- Is there a limitation on the switch capability for this? Any particular variant only that supports this?
Regards,
Vikram
01-10-2018 11:10 PM
Vikram,
As already discussed on your internal post...
Yes, this is achievable in many different ways. Here is a pointer to a particular session (BRKSEC-3697 from Melbourne 2017) which touches on various methods to achieve multiple identity auth. Also, OTP is supported for 802.1X and WebAuth to allow token servers like RSA to be used as the ID store.
Craig
01-10-2018 02:42 AM
Hello,
1st: Domain machine + certificate on machine
2nd: Domain user + certificate on user (or username or password)
This will be simple dot1x authentication.
You can check this Two Factor Authentication on ISE – 2FA on ISE
01-10-2018 04:26 PM
ISE does single authentications, other than EAP Chaining and CWA Chaining. However, a single authentication can be done with a multi-factor software/device. If not done already, I would suggest you to read: