802.1x AAA Machine authentication
Using a Cisco ACS server, you can authenticate a Windows machine whether or not it has joined the domain. You can use the configuration below on the ACS server with Machine Access Restriction enabled.
Rule 1: (wired MAB)
WIRED-MAB
Radius:NAS-Port-Type = Ethernet
Radius:Service-Type = Call Check
ANY, ANY ====> PERMIT ACCESS or (DACL with permit ip any any)
Rule 2: (authenticating machines/host names with AD)
WIRED-MACHINE
Radius:NAS-Port-Type = Ethernet
Radius:Service-Type = Framed
AD/Domain Computers, ANY ====> PERMIT ACCESS or (DACL with permit ip any DNS, permit ip any DCs)
Rule 3: (authenticating the user only if Rule 2 has passed)
WIRED-USER
Radius:NAS-Port-Type = Ethernet
Radius:Service-Type = Framed
Was Machine Authenticated = TRUE, Domain Users, ANY ====> PERMIT ACCESS or (DACL with permit ip any any)
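The following is an added example, not ACS code and not part of the original post: a small Python model of the three rules evaluated first-match, showing how Rule 3 depends on a Machine Access Restriction cache keyed on the endpoint's Calling-Station-ID. The `ad_groups` field, the catch-all deny, the aging time and the MAC address are assumptions made for the illustration.

```python
# Added illustration: a toy model of the three rules above, not ACS code.
import time

MAR_AGING_SECONDS = 6 * 3600  # constructed value; the real aging time is an ACS setting


class WiredPolicy:
    def __init__(self, now=time.time):
        self.now = now
        self.mar_cache = {}  # Calling-Station-ID -> time of last machine auth

    def was_machine_authenticated(self, mac):
        seen = self.mar_cache.get(mac)
        return seen is not None and self.now() - seen < MAR_AGING_SECONDS

    def authorize(self, req):
        """First-match evaluation; returns (rule name, result)."""
        mac = req["Calling-Station-ID"]
        svc = req.get("Service-Type")
        groups = req.get("ad_groups", ())  # hypothetical field: AD groups of the identity
        if req.get("NAS-Port-Type") == "Ethernet":
            if svc == "Call Check":
                return ("WIRED-MAB", "PERMIT")
            if svc == "Framed" and "Domain Computers" in groups:
                self.mar_cache[mac] = self.now()  # MAR remembers this endpoint
                return ("WIRED-MACHINE", "PERMIT (DNS and DCs only)")
            if (svc == "Framed" and "Domain Users" in groups
                    and self.was_machine_authenticated(mac)):
                return ("WIRED-USER", "PERMIT")
        return ("DEFAULT", "DENY")  # assumed catch-all; the page lists no default rule


def demo():
    """Constructed requests: user before machine auth, after it, and after aging."""
    clock = [0.0]
    acs = WiredPolicy(now=lambda: clock[0])
    pc = "00-11-22-33-44-55"  # constructed MAC
    user = {"NAS-Port-Type": "Ethernet", "Service-Type": "Framed",
            "Calling-Station-ID": pc, "ad_groups": ["Domain Users"]}
    machine = dict(user, ad_groups=["Domain Computers"])
    results = [acs.authorize(user)[0], acs.authorize(machine)[0], acs.authorize(user)[0]]
    clock[0] = MAR_AGING_SECONDS + 1  # cache entry has aged out
    results.append(acs.authorize(user)[0])
    return results


if __name__ == "__main__":
    print(demo())
```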