I want to integrate my ACS 5.1 with AD. My request is to check for the machine authentication first. If the machine authentication passes, the client username/password should be validated and the client should be put in VLAN X. If the machine authentication fails, the client username/password should be validated. If the authentication passes, the client should be put in VLAN Y.
The wording on this is a little tricky: this means that for machine authentication to work (PEAP or EAP-TLS), you have to allow the protocol in the rule on the ACS side. When you click on the service selection rule for default network access, you will see the different protocol boxes checked.