Solved: User AND machine authentication using EWC

mnkojima · ‎02-10-2021

Hello

we are migrating a wireless environment to EWC running in a AP1815I and it is integrating in a RADIUS server Windows NPS.

Previous wireless solution was Aruba, where there was an option "enforce machine authentication" which enforced the user AND the machine to be authenticated by NPS in order to get access to wifi environment.

Does anyone know if I can set this option in EWC too?

Thank you

Marcos

Ric Beeching · ‎02-11-2021

I don't believe there's a Cisco equivalent on any of the wireless platforms; the assumption is that all 802.1X Auths are performed and enforced by the Authentication server which in this case is going to be windows NPS box and can also be combined with group policy if you control that part.

Machine Access Restriction (MAR) can achieve this but that requires Cisco ISE to be deployed in lieu of windows NPS. I don't think NPS can do it.

Ric

-----------------------------
Please rate helpful / correct posts

View solution in original post

Ric Beeching · ‎02-11-2021

I don't believe there's a Cisco equivalent on any of the wireless platforms; the assumption is that all 802.1X Auths are performed and enforced by the Authentication server which in this case is going to be windows NPS box and can also be combined with group policy if you control that part.

Machine Access Restriction (MAR) can achieve this but that requires Cisco ISE to be deployed in lieu of windows NPS. I don't think NPS can do it.

Ric

-----------------------------
Please rate helpful / correct posts