User and Machine Auth cisco ISE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2020 04:12 AM
Hello can i please know which is the best method for user and machine authentication ?
Thank you in a advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2020 04:20 AM
PKI and AD Integration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2020 04:36 AM
Can u please give me a guide ? for configuration for wired please
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2020 09:09 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2020 06:31 AM
You have a lot to consider here. A few things you should be aware of/consider:
-In order to accomplish BOTH user and machine authentication you will need to rely on eap-chaining. Typically this is/was accomplished via Cisco's EAP-FAST with AnyConnect NAM being used as your supplicant on clients. The industry standard is EAP-TEAP which supports eap-chaining and the ability to rely on the Windows built-in native supp. The caveat here is for TEAP support you need to be running at least ISE 2.7 and Win10 build (from May 2020 I believe). If you decided to rely on AnyConnect NAM just keep in mind that now you will need to manage additional software on clients which includes keeping up with upgrades, user education, etc. As @balaji.bandi mentioned your best (most secure) option is to rely on user/comp certs for auth. See the following for additional info:
https://www.ise-support.com/2020/05/29/using-teap-for-eap-chaining/
HTH!
