06-27-2016 01:23 PM - edited 02-21-2020 05:51 AM
How to do machine authentication?
06-27-2016 03:52 PM
Hi
You can do it in 2 common ways:
- by checking machine certificates pushed on machines by Active Directory
- by checking the machine itself if it is a member of the AD group "computers"
On the ISE side, those 2 ways would be your authorization conditions:
- For AD group membership (the simplest way and rule; dot1x with AD group membership as source validation), the condition for your authentication rule would be:
Ad.domain:externalgroups EQUAL ad.domain/Users/Domain Computers
- For certificate authentication, you need to create a certificate template and use it to validate your machine (dot1x with certificate template as source validation)
Is it more clear?
Thanks
PS: Please don't forget to rate and mark as correct answer if this solved your issue
07-02-2016 07:23 AM
Hi there, are you interested in doing machine authentication only or doing EAP-Chaining that you have listed in your screen shot?
If you want to see how EAP-Chaining is configured for both machine and user authentication, I would suggest watching this video. It is older and references an older version of ISE, but it is still good:
http://www.labminutes.com/sec0049_ise_1_1_user_machine_authentication_eap_chaining_part_2
I hope this helps!
Thank you for rating helpful posts!