Hello
I was reading the CiscoLive BRKSEC-2045 document and the author has an interesting slide that shows that Windows doesn't support the mixing of EAP methods when doing machine AND user authentication. In other words, you have to use either EAP-PEAP for both, or use EAP-TLS for both. He goes on to say that on MACOS this is different because that OS's supplicant allows mixing.
Anyone got experience with this?
I want to do the following:
- Machine authentication using a machine cert AuthZ to my ISE server - ISE drops PC into VLAN x
- When the user logs into the Windows logon prompt, it should use EAP-PEAP against my ISE server so that I can AuthZ the user to a dynamic VLAN, according to AD Security Groups.
Maybe I misinterpreted the BRKSEC-2045 document, but it seems this mixing of EAP methods is not possible.
BRKSEC-2045
