Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

EAP Chaining with Cisco ACS 5.x and the Cisco Anyconnect NAM Client

Hi Guys,

Whilst I’m well aware of the limitations of the built in the windows Wireless 802.1x supplicant. Is there a way, using the NAM client to authenticate both a computer and a user simultaneously, when used for authentication to wireless networks?

As has been posted many times before on this forum, this isn’t possible due to windows not authenticating with the 'computer account' whilst the user is logged in, but with the NAM client it seems possible to do both user and computer authentication based on the options it gives you with EAP-Fast and 'EAP Chaining'.

Can anyone validate this is possible? I have the design guide for exactly this for Cisco ISE but i need it to work on ACS (5.x).

Thanks in advance.

SteveH

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

EAP Chaining with AnyConnect

EAP Chaining with AnyConnect 3+ NAM is unique to ISE.

No plan to add it in ACS so ACS customers not moving to ISE would use MAR, instead; that is, use computer auth while the user not logged-in and use user auth after the user logged-in.

2 REPLIES
Cisco Employee

EAP Chaining with AnyConnect

EAP Chaining with AnyConnect 3+ NAM is unique to ISE.

No plan to add it in ACS so ACS customers not moving to ISE would use MAR, instead; that is, use computer auth while the user not logged-in and use user auth after the user logged-in.

New Member

Thanks hslai,

Thanks hslai,

You are correct, ISE only unfortunately.

SteveH

182
Views
0
Helpful
2
Replies
CreatePlease to create content