11-09-2020 04:12 AM
Hello can i please know which is the best method for user and machine authentication ?
Thank you in a advance.
11-09-2020 04:20 AM
PKI and AD Integration.
11-09-2020 04:36 AM
Can u please give me a guide ? for configuration for wired please
11-09-2020 09:09 AM
11-09-2020 06:31 AM
You have a lot to consider here. A few things you should be aware of/consider:
-In order to accomplish BOTH user and machine authentication you will need to rely on eap-chaining. Typically this is/was accomplished via Cisco's EAP-FAST with AnyConnect NAM being used as your supplicant on clients. The industry standard is EAP-TEAP which supports eap-chaining and the ability to rely on the Windows built-in native supp. The caveat here is for TEAP support you need to be running at least ISE 2.7 and Win10 build (from May 2020 I believe). If you decided to rely on AnyConnect NAM just keep in mind that now you will need to manage additional software on clients which includes keeping up with upgrades, user education, etc. As @balaji.bandi mentioned your best (most secure) option is to rely on user/comp certs for auth. See the following for additional info:
https://www.ise-support.com/2020/05/29/using-teap-for-eap-chaining/
HTH!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide