11-25-2011 12:11 PM - edited 03-10-2019 06:34 PM
Hi Gurus
I want to integrate my ACS 5.1 with AD. My request is to check for the machine authentication first. If the machine authentication passes, the client username/password should be validated and the client should be put in VLAN X. If the machine authentication fails, the client username/password should be validated. If the authentication passes, the client should be put in VLAN Y.
Let me know if this is possible.
Thanks
NikhiL
11-26-2011 08:51 AM
Nikhil,
You can set up a condition in your authorization policy that checks whether machine authentication was performed, and base your result on this condition.
Here is a guide that fits your questions:
thanks,
Tarik Admani
11-26-2011 09:04 AM
Hi Tarik,
Thanks for the reply.
Below is a line I found in the doc.
Administrator can configure whether or not MAR is enabled in the AD settings page. However for MAR to work the following limitations must be taken into account:
–Machine authentication must be enabled in the authenticating protocol settings
Does this say the authenticator should enable mac-auth?
Thanks
NikhiL
11-26-2011 07:48 PM
The wording on this is a little tricky; this means that for machine authentication to work (PEAP or EAP-TLS) you have to allow the protocol in the rule for it to work on the ACS side. When you click on the service selection rule for default network access, you will see the different protocol boxes checked.
Hope this helps,
Tarik Admani