Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4314
Views
0
Helpful
3
Replies

Two factor authentication on wireless

Daniel Hood
Level 1
Level 1

‎03-09-2016 08:46 AM - edited ‎07-05-2021 04:44 AM

We've got a wireless network set up already and we're getting a Cisco ISE for this project. We're investigating deploying two factor authentication, with the two factors being: Domain Username/Password and a Certificate. 

 

Is the only way to do two factor authentication like this with EAP-Chaining?

 

Will EAP-Chaining work on Android and Apple IOS devices? 

 

Labels:
0 Helpful
3 Replies 3

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-09-2016 03:31 PM

Have you considered using a USB secure certificate token store instead?  An example is something like this:

http://www.safenet-inc.com/data-protection/password-protection-applications/?aldn-true

Basically you issue a certificate, and it is stored on the USB token.  You give this to the user along with (usually) a PIN.

The user plugs the token into their machine, and they get asked for the PIN.  This unlocks the certificate store, and it now shows up as a normal certificate store in windows.

Being a normal certificate store you can use the certificate for WiFi authentication, VPN authentication, Email encryption, etc.

You may be able to use other methods aside from a PIN.  I have only seen it used with a PIN.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card