ACS with AD-with twin authentication

Hi Gurus

I want to integrate my ACS 5.1 with AD. My request is to check for the machine authentication first. If the machine authentication passes, the client username/password should be validated and the client should be put in VLAN X. If the machine authentication fails, the client username/password should be validated. If the authentication passes, the client should be put in VLAN Y.

Let me know if this is possible

Thanks

NikhiL

Accepted Solutions

ACS with AD-with twin authentication

Nikhil,

You can set up a condition in your authorization policy and check if the machine authentication was performed and base your result off this condition.

Here is a guide that fits your questions:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1235978

thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*

ACS with AD-with twin authentication

Hi Tarik,

Thanks for the reply.

Below is a line I found in the doc.

Administrator can configure whether or not MAR is enabled in the AD settings page. However for MAR to work the following limitations must be taken into account:

Machine authentication must be enabled in the authenticating protocol settings

Does this say the authenticator should enable mac-auth?

Thanks

NikhiL

ACS with AD-with twin authentication

The wording on this is a little tricky. This means that for machine authentication to work (PEAP or EAP-TLS), you have to allow the protocol in the rule for it to work on the ACS side. When you click on the service selection rule for default network access, you will see the different protocol boxes checked.

Hope this helps,

Tarik Admani

Tarik Admani *Please rate helpful posts*