×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco ACS 5.4 support EAP Chaining

Unanswered Question
Oct 2nd, 2013
User Badges:

Hi my name is Ivan, I have a question


Does Cisco ACS v5.4 support EAP Chaining?


Perhaps I need to upgrade the ACS?


I have a deployment in my wired and wireless netwith EAP PEAP to authenticate machine and users.


Is possible to configure EAP Chaining in my deployment with PEAP?. 


Thanks for your answers.


Regards.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jatin Katyal Wed, 10/02/2013 - 20:08
User Badges:
  • Cisco Employee,

Hi Ivan,


As we have discussed before, machine and user authentication can be done with PEAP using ACS 5.4.


What all have you configured so far?


Would you like to pick wireless first or wired?


Based on your requirement, we will create a condition in access-policy > authorization rule.


Would like to authenticate someone

1.] Only with machine authentication

2.] Machine and user authentication


If you Just need second option to configure. I will send you the screen shots of configuration you need on ACS 5.4. Apart from that you only need to enable MAR under Ad settings.



~BR
Jatin Katyal

**Do rate helpful posts**

ivan.martin Wed, 10/02/2013 - 20:13
User Badges:

Hi Jatin thanks for your answer


We need to authenticate machine and users. In the ACS already configure the policy, and we already configure MAR.


Today we are a meeting with Cisco, and they talk us that EAP Chaining is the solution.


Is possible to configure EAP Chaining in my deployment PEAP?


Thanks for your answer.


Could you post your screen.


Regards

Jatin Katyal Wed, 10/02/2013 - 20:20
User Badges:
  • Cisco Employee,

I won't be able to post screen shots at this time as I don't have access to lab ( @ home). However, can do it tomorrow morning. If you wish, post your screen shots from the access-policies > authorization rules and I will verify.


So when you say eap-chaning you mean to say user and machine certificate explicitly along with server and root ca certificate. If yes then answer is yes. With Peap, user/machine certificate are optional however with eap-tls, you've to have user/machine certificate installed on the machine.


~BR
Jatin Katyal

**Do rate helpful posts**

ivan.martin Wed, 10/02/2013 - 20:57
User Badges:

Hi Jatin


Tomorrow I'll post the images of the ACS.


Please could you explain me how to work eap chaining with ACS 5.4 to authenticate machine and user with EAP Chaining?


The users have native supplicant Windows 7 and 8


Regards

Actions

This Discussion