08-05-2019 12:49 AM
Hi all
I just want to be clear on 2FA support with ISE , i have a customer mainly asking for 2FA on AAA for wired/Wireless Auth
From what I understand the following is possible with 2FA ?
1) Admin Logins on ISE portals
2) VPN AAA (AnyConnect and ISE Auth)
3) TACACS+
what is NOT possible with 2FA ?
1) Normal AAA on Wired and Wireless (EAP-MSchap or EAP-TLS)
2) Other NON-Admin Portals on ISE
Is that correct ?
Thx
Greg
Solved! Go to Solution.
08-05-2019 06:06 AM
08-05-2019 04:36 AM
08-05-2019 05:11 AM
Ok Fair enough I should have been clearer ...
When I say 2FA - the custom is expecting something like DUO / RSA Token / Google Auth / Microsoft Authenticator
/Greg
08-05-2019 06:06 AM
08-05-2019 11:49 PM
Thx for the replies
the customer wants second-factor auth for AAA for Wired and Wireless for all devices
So from what I understand the only way to do 2FA (MFA) via token / Ubikey / Whatever on Wired/Wireless AAA is using eap-fast ? ie NO EAP-Mschav2 or EAP-TLS ?
That means it will exclude Mobile devices .. as clients will have to use AC Nam with EAP chaining ...
Is that correct? any other ways to achieve this?
08-07-2019 11:27 AM
08-07-2019 11:33 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide