topic How do I require client and machine Cert when using EAP-TLS on wireless? in Network Access Control

How do I require client and machine Cert when using EAP-TLS on wireless?

paulle — Tue, 05 Nov 2019 20:54:30 GMT

I have the same policy in ISE being used for both wired and wireless authorization. In the wired auths I see both user and computer certificates but on the wireless side I only ever see computer certs being used. How do I change this behavior so that it matches the wired ?

Re: How do I require client and machine Cert when using EAP-TLS on wireless?

Colby LeMaire — Tue, 05 Nov 2019 21:00:49 GMT

If the computers are only sending computer certificates on Wireless, that is a supplicant configuration issue. You can create a Wireless GPO to push out the correct supplicant settings. If using the built-in Microsoft supplicant, there is an option to do "Machine or User Authentication". It is probably configured to do "Machine Authentication Only".

Re: How do I require client and machine Cert when using EAP-TLS on wireless?

hslai — Sat, 09 Nov 2019 03:54:32 GMT

Like Colby.LeMaire said, this depends on the supplicants. Even with Windows native supplicants, the auth mode is configured for individual wireless networks and wired connections.