Windows natively supports only using the same EAP type for both machine and user authentication. If you want to use different authentication methods, you will need a 3rd party supplicant such as the AnyConnect client with Network Manager.
Jason Boyers, CCIE #26024 (Wireless) Blog: netboyers.wordpress.com On Fri, Oct 25, 2013 at 5:00 PM, Justin Kurynny <[email protected]>wrote: > Marvin,**** > > ** ** > > Just to add on to my previous comment, you may be able to use EAP-TTLS, > which is supported natively in Windows 8 (according to the Wikipedia > article on EAP). I’m not sure what you’d use for a AAA server, however. I’m > pretty sure ISE and ACS don’t support EAP-TTLS. W2k13 Server may support it. > **** > > ** ** > > Justin**** > > ** ** > > *From:* Justin Kurynny > *Sent:* Friday, October 25, 2013 13:53 > *To:* 'Marvin Krym'; [email protected] > *Subject:* RE: [OSL | CCIE_Wireless] Windows Wireless Client/Supplicant > Config Question**** > > ** ** > > Marvin,**** > > ** ** > > Are you trying to use both authentication types simultaneously (AND)? If > so, I don’t know of any support for this except for maybe EAP Chaining with > AnyConnect as supplicant and ISE as authenticator, and even then I think > you’ll need to use EAP-FAST as one of the methods.**** > > ** ** > > If you are trying to do this as an OR authentication (such as with connect > before login), you may be able to do this natively on W7 or higher, but > I’ve never tried it and the configuration dialogs don’t look promising. > It’s possible you could be able to do it with AnyConnect, but you’d need to > set up an AnyConnect profile using the administration tool.**** > > ** ** > > As a side note, I recall reading about Tunneled EAP (TEAP), which was a > draft proposal to the IETF in 2011 and renewed in 2012. I believe TEAP > would have supported multiple authentication methods inside a tunnel. I’m > not sure where that initiative stands now, but it would be nice to have a > method for using more than one EAP method to authenticate an endpoint/user > combination.**** > > ** ** > > Justin**** > > ** ** > > *From:* [email protected] > [mailto:[email protected]] *On Behalf Of *Marvin > Krym > *Sent:* Friday, October 25, 2013 10:16 > *To:* [email protected] > *Subject:* [OSL | CCIE_Wireless] Windows Wireless Client/Supplicant > Config Question**** > > ** ** > > Is it possible to configure the Windows wireless client/supplicant to do > machine auth by sending a machine cert (ie EAP-TLS) and then do user auth > by using PEAP/MSCHAP? It seems to me that I have to chose one EAP type or > the other. Any clarifciation would be appreciated.**** > > **** > > Thanks.**** > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
