cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
619
Views
0
Helpful
2
Replies

EAP Chaining with Cisco ACS 5.x and the Cisco Anyconnect NAM Client

Steve11
Level 1
Level 1

Hi Guys,

Whilst I’m well aware of the limitations of the built in the windows Wireless 802.1x supplicant. Is there a way, using the NAM client to authenticate both a computer and a user simultaneously, when used for authentication to wireless networks?

As has been posted many times before on this forum, this isn’t possible due to windows not authenticating with the 'computer account' whilst the user is logged in, but with the NAM client it seems possible to do both user and computer authentication based on the options it gives you with EAP-Fast and 'EAP Chaining'.

Can anyone validate this is possible? I have the design guide for exactly this for Cisco ISE but i need it to work on ACS (5.x).

Thanks in advance.

SteveH

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

EAP Chaining with AnyConnect 3+ NAM is unique to ISE.

No plan to add it in ACS so ACS customers not moving to ISE would use MAR, instead; that is, use computer auth while the user not logged-in and use user auth after the user logged-in.

View solution in original post

2 Replies 2

hslai
Cisco Employee
Cisco Employee

EAP Chaining with AnyConnect 3+ NAM is unique to ISE.

No plan to add it in ACS so ACS customers not moving to ISE would use MAR, instead; that is, use computer auth while the user not logged-in and use user auth after the user logged-in.

Steve11
Level 1
Level 1

Thanks hslai,

You are correct, ISE only unfortunately.

SteveH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: