01-09-2015 11:53 AM - edited 03-10-2019 10:20 PM
Hey all. Seems like this should be an easy question, but after doing some reading, I'm still a little confused.
Can I authenticate a Windows computer against ISE using EAP-TLS with a computer-only certificate and stay authorized when the user logs in? Or will it always try to authorize the user when they log in and break the connection if that fails?
Thanks for any clues.
01-09-2015 12:15 PM
You can stay logged in with the computer cert and not reauth. The setting to reauth is done on the supplicant you are using. Are you using Windows native or AnyConnect as the supplicant for 802.1x?
01-09-2015 12:38 PM
Thanks, Nicholas.
We've been using the native Windows but will be moving to AnyConnect.
01-09-2015 12:44 PM
On the native client you can set the settings for 802.1x for the wireless settings of that network for computer auth. It should only use the computer settings to authenticate and shouldn't change upon user login.
If using the AnyConnect client, download the profile editor and configure the network through that, and you can modify all sorts of settings, one being for computer auth or user auth and to allow for connection to be extended beyond log off.
Generally if you have it for computer auth the machine will authenticate prior to logon and shouldn't change based off login or logout of the machine.
01-09-2015 12:49 PM
Thanks, that's what I thought but the more I read the more I was confused. As a followup question, can you explain what EAP Chaining is? Does it apply to EAP-TLS or only EAP-FAST?
01-10-2015 05:13 PM
Hello Leroy-
EAP Chaining (Official name: EAP-TEAP [RFC-7170]) is a method that allows a supplicant to perform both machine and user authentication. In ISE, EAP-Chaining is enabled under the "EAP-FAST" protocol. For more info check out the following links:
Cisco TrustSec Guide:
RFC:
https://tools.ietf.org/html/draft-ietf-emu-eap-tunnel-method-01
Thank you for rating helpful posts!