Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco ACS 5.4 support EAP Chaining

Hi my name is Ivan, I have a question

Does Cisco ACS v5.4 support EAP Chaining?

Perhaps I need to upgrade the ACS?

I have a deployment in my wired and wireless netwith EAP PEAP to authenticate machine and users.

Is possible to configure EAP Chaining in my deployment with PEAP?. 

Thanks for your answers.

Regards.

4 REPLIES
Cisco Employee

Re: Cisco ACS 5.4 support EAP Chaining

Hi Ivan,

As we have discussed before, machine and user authentication can be done with PEAP using ACS 5.4.

What all have you configured so far?

Would you like to pick wireless first or wired?

Based on your requirement, we will create a condition in access-policy > authorization rule.

Would like to authenticate someone

1.] Only with machine authentication

2.] Machine and user authentication

If you Just need second option to configure. I will send you the screen shots of configuration you need on ACS 5.4. Apart from that you only need to enable MAR under Ad settings.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Community Member

Re: Cisco ACS 5.4 support EAP Chaining

Hi Jatin thanks for your answer

We need to authenticate machine and users. In the ACS already configure the policy, and we already configure MAR.

Today we are a meeting with Cisco, and they talk us that EAP Chaining is the solution.

Is possible to configure EAP Chaining in my deployment PEAP?

Thanks for your answer.

Could you post your screen.

Regards

Cisco Employee

Re: Cisco ACS 5.4 support EAP Chaining

I won't be able to post screen shots at this time as I don't have access to lab ( @ home). However, can do it tomorrow morning. If you wish, post your screen shots from the access-policies > authorization rules and I will verify.

So when you say eap-chaning you mean to say user and machine certificate explicitly along with server and root ca certificate. If yes then answer is yes. With Peap, user/machine certificate are optional however with eap-tls, you've to have user/machine certificate installed on the machine.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Community Member

Re: Cisco ACS 5.4 support EAP Chaining

Hi Jatin

Tomorrow I'll post the images of the ACS.

Please could you explain me how to work eap chaining with ACS 5.4 to authenticate machine and user with EAP Chaining?

The users have native supplicant Windows 7 and 8

Regards

567
Views
0
Helpful
4
Replies
CreatePlease to create content