topic Re: EAP-TLS Wireless Authentication for First time Windows Login Users in Network Access Control

EAP-TLS Wireless Authentication for First time Windows Login Users

Richard Poon — Tue, 07 Dec 2021 22:22:34 GMT

I hope some network experts can give me ideas on how to handle this problem. We have Corporate WiFi for staff access with Cisco Wireless Controller/APs and authentication through ISE. It authenticate with user's SSL Certificate being assigned by Windows CA. All works well except that users need to connect to wired network for first time login to Windows and enrol user certificate before being able to connect the WiFi.

Currently, we have some users requiring WiFi access without any wired connection available for first time login. Is it possible to enable WiFi restricted access for the user to do that before gaining full access to network?

Thanks a lot

Richard

Re: EAP-TLS Wireless Authentication for First time Windows Login Users

Greg Gibbs — Tue, 07 Dec 2021 22:33:20 GMT

This is due to the order of operations for the Windows supplicant 802.1x start vs. GPO load. See a similar discussion and suggestions in the following post.

ISE Deployment EAP-TLS Machine or User Certificates Native Supplicant

If the SSID is secured by 802.1x, the client must complete a successful 802.1x authentication to connect.

Re: EAP-TLS Wireless Authentication for First time Windows Login Users

Richard Poon — Fri, 10 Dec 2021 15:19:46 GMT

Thanks a lot Greg. That make sense. I will take a look on it. Hope to find a solution for this.

Richard

Re: EAP-TLS Wireless Authentication for First time Windows Login Users

Peter Koltl — Sun, 12 Dec 2021 10:32:50 GMT

Native Supplicant Provisioning