User and Machine Auth cisco ISE

Tutu
Level 1

Hello, can I please know which is the best method for user and machine authentication?

Thank you in advance.

4 Replies

balaji.bandi
Hall of Fame

PKI and AD Integration.

BB

Can you please give me a guide for configuration for wired, please?

Mike.Cifelli
VIP Alumni

You have a lot to consider here. A few things you should be aware of/consider:

- In order to accomplish BOTH user and machine authentication, you will need to rely on EAP chaining. Typically this is/was accomplished via Cisco's EAP-FAST with AnyConnect NAM being used as your supplicant on clients. The industry standard is EAP-TEAP, which supports EAP chaining and the ability to rely on the Windows built-in native supplicant. The caveat here is that for TEAP support you need to be running at least ISE 2.7 and Win10 build (from May 2020 I believe). If you decide to rely on AnyConnect NAM, just keep in mind that you will now need to manage additional software on clients, which includes keeping up with upgrades, user education, etc. As @balaji.bandi mentioned, your best (most secure) option is to rely on user/comp certs for auth. See the following for additional info:

https://www.ise-support.com/2020/05/29/using-teap-for-eap-chaining/

https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html

HTH!
