topic ISE Authentication Policy in Network Access Control https://community.cisco.com/t5/network-access-control/ise-authentication-policy/m-p/3034360#M23364 <P>Hi,</P> <P>Just trying to ensure I am understanding the authentication policy that I see as default -</P> <P></P> <P>Authentication Policy -</P> <P>Dot1x - If Wired_802.1x OR Wireless_802.1x Allowed Protocols - Default Network Access &nbsp;<STRONG><EM>(Default Network Access has pretty much everything ticked</EM></STRONG>)</P> <P>Use - All_user_id_stores &nbsp; &nbsp;<STRONG><EM>(In there we have Internal, All AD join points, Guest Users)</EM></STRONG></P> <P><STRONG><EM></EM></STRONG></P> <P>What exactly will pass this policy?</P> <P></P> <P>Does this mean that if my client supplicant was using PEAP/EAP-TLS - will ISE look at the "Default Network Access" results to see if these protocols&nbsp;are allowed? If EAP-TLS was not configured/ticked in my Default Network Access results I assume the authentication would fail?</P> <P>How is my client/supplicant cert (EAP-TLS) authenticated when ISE looks at the All_user_id_store? Does ISE match the cert against a locally configured/installed cert or AD?</P> <P></P> <P>Thanks</P> Mon, 11 Mar 2019 07:34:37 GMT GRANT3779 2019-03-11T07:34:37Z ISE Authentication Policy https://community.cisco.com/t5/network-access-control/ise-authentication-policy/m-p/3034360#M23364 <P>Hi,</P> <P>Just trying to ensure I am understanding the authentication policy that I see as default -</P> <P></P> <P>Authentication Policy -</P> <P>Dot1x - If Wired_802.1x OR Wireless_802.1x Allowed Protocols - Default Network Access &nbsp;<STRONG><EM>(Default Network Access has pretty much everything ticked</EM></STRONG>)</P> <P>Use - All_user_id_stores &nbsp; &nbsp;<STRONG><EM>(In there we have Internal, All AD join points, Guest Users)</EM></STRONG></P> <P><STRONG><EM></EM></STRONG></P> <P>What exactly will pass this policy?</P> <P></P> <P>Does this mean that if my client supplicant was using PEAP/EAP-TLS - will ISE look at the "Default Network Access" results to see if these protocols&nbsp;are allowed? If EAP-TLS was not configured/ticked in my Default Network Access results I assume the authentication would fail?</P> <P>How is my client/supplicant cert (EAP-TLS) authenticated when ISE looks at the All_user_id_store? Does ISE match the cert against a locally configured/installed cert or AD?</P> <P></P> <P>Thanks</P> Mon, 11 Mar 2019 07:34:37 GMT https://community.cisco.com/t5/network-access-control/ise-authentication-policy/m-p/3034360#M23364 GRANT3779 2019-03-11T07:34:37Z