Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
0
Helpful
4
Replies

Cisco ACS 5.4 support EAP Chaining

ivan.martin
Level 1
Level 1

‎10-02-2013 07:52 PM - edited ‎03-10-2019 08:57 PM

Hi my name is Ivan, I have a question

Does Cisco ACS v5.4 support EAP Chaining?

Perhaps I need to upgrade the ACS?

I have a deployment in my wired and wireless netwith EAP PEAP to authenticate machine and users.

Is possible to configure EAP Chaining in my deployment with PEAP?. 

Thanks for your answers.

Regards.

Labels:
0 Helpful
4 Replies 4

Jatin Katyal
Cisco Employee
Cisco Employee

‎10-02-2013 08:08 PM

Hi Ivan,

As we have discussed before, machine and user authentication can be done with PEAP using ACS 5.4.

What all have you configured so far?

Would you like to pick wireless first or wired?

Based on your requirement, we will create a condition in access-policy > authorization rule.

Would like to authenticate someone

1.] Only with machine authentication

2.] Machine and user authentication

If you Just need second option to configure. I will send you the screen shots of configuration you need on ACS 5.4. Apart from that you only need to enable MAR under Ad settings.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

ivan.martin
Level 1
Level 1
In response to Jatin Katyal

‎10-02-2013 08:13 PM

Hi Jatin thanks for your answer

We need to authenticate machine and users. In the ACS already configure the policy, and we already configure MAR.

Today we are a meeting with Cisco, and they talk us that EAP Chaining is the solution.

Is possible to configure EAP Chaining in my deployment PEAP?

Thanks for your answer.

Could you post your screen.

Regards

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to ivan.martin

‎10-02-2013 08:20 PM

I won't be able to post screen shots at this time as I don't have access to lab ( @ home). However, can do it tomorrow morning. If you wish, post your screen shots from the access-policies > authorization rules and I will verify.

So when you say eap-chaning you mean to say user and machine certificate explicitly along with server and root ca certificate. If yes then answer is yes. With Peap, user/machine certificate are optional however with eap-tls, you've to have user/machine certificate installed on the machine.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

ivan.martin
Level 1
Level 1
In response to Jatin Katyal

‎10-02-2013 08:57 PM

Hi Jatin

Tomorrow I'll post the images of the ACS.

Please could you explain me how to work eap chaining with ACS 5.4 to authenticate machine and user with EAP Chaining?

The users have native supplicant Windows 7 and 8

Regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents