I'm trying to understand the posibilities of the ISE. I would like to configure host authentication without the client having to enter credentials for a second time after logging on to his pc.
Is this possible with DOT1X?
As far as I understand you have to enter your credentials twice. 1 time for windows logon and a second time in the supplicant (eg. Cisco Anyconnect) which sends the EAPOL start frame to the authenticator (switch).
MAB could works without user interference, but is bypassable when you spoof a mac address.
Is there another possibility to set this up?
Maybe I'm asking obvious questions, but I'm a ISE newbie.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...