https://community.cisco.com/t5/network-access-control/ise-802-1x-eap-tls-machine-and-smart-card-authentication/m-p/3731960#M87577 <P>I am facing this same dilemma.&nbsp; The labminutes video is good, but doesn't cover this case.&nbsp; In the video, both the user and machine certs are on the machine.&nbsp; The OP was asking about PIV card login for user and machine certs (on the machine) for the computer.&nbsp; Does anyone have a solve for this that uses the Windows Native Supplicant?</P> Wed, 24 Oct 2018 18:34:57 GMT aamilbur 2018-10-24T18:34:57Z https://community.cisco.com/t5/network-access-control/ise-802-1x-eap-tls-machine-and-smart-card-authentication/m-p/2446626#M87574 <P>I suspect I know the answer to this, but thought that I would throw it out there anway...</P><P></P><P>With Cisco ISE 1.2 is it possible to enable 802.1x machine AND user smart card&nbsp; authentication simultaneously for wired/wireless clients (specifically&nbsp; Windows 7/8, but Linux or OSX would also be good).&nbsp; I can find plenty of&nbsp; information regarding 802.1x machine authentication (EAP-TLS) and user&nbsp; password authentication (PEAP), but none about dual EAP-TLS&nbsp; authentication using certificates for machines and users at the same time.&nbsp; I think I can figure out how to configure such a policy in ISE, but options seem to be lacking on the client end.&nbsp; For example, the Windows 7 supplicant seems only able to present either a machine or user smart card certificate, not one then the other.&nbsp; Plus, I am not sure how the client would know which certificate to present, or if the type can be specified from the authenticator.</P> Mon, 11 Mar 2019 04:28:59 GMT https://community.cisco.com/t5/network-access-control/ise-802-1x-eap-tls-machine-and-smart-card-authentication/m-p/2446626#M87574 ryanhitch 2019-03-11T04:28:59Z https://community.cisco.com/t5/network-access-control/ise-802-1x-eap-tls-machine-and-smart-card-authentication/m-p/2446627#M87576 <HTML><HEAD></HEAD><BODY><P>Hope this video link will help you</P><P><A class="jive-link-external-small" href="http://www.labminutes.com/sec0045_ise_1_1_wired_dot1x_machine_auth_eap-tls">http://www.labminutes.com/sec0045_ise_1_1_wired_dot1x_machine_auth_eap-tls</A></P></BODY></HTML> Mon, 03 Mar 2014 18:00:52 GMT https://community.cisco.com/t5/network-access-control/ise-802-1x-eap-tls-machine-and-smart-card-authentication/m-p/2446627#M87576 Ravi Singh 2014-03-03T18:00:52Z https://community.cisco.com/t5/network-access-control/ise-802-1x-eap-tls-machine-and-smart-card-authentication/m-p/3731960#M87577 <P>I am facing this same dilemma.&nbsp; The labminutes video is good, but doesn't cover this case.&nbsp; In the video, both the user and machine certs are on the machine.&nbsp; The OP was asking about PIV card login for user and machine certs (on the machine) for the computer.&nbsp; Does anyone have a solve for this that uses the Windows Native Supplicant?</P> Wed, 24 Oct 2018 18:34:57 GMT https://community.cisco.com/t5/network-access-control/ise-802-1x-eap-tls-machine-and-smart-card-authentication/m-p/3731960#M87577 aamilbur 2018-10-24T18:34:57Z https://community.cisco.com/t5/network-access-control/ise-802-1x-eap-tls-machine-and-smart-card-authentication/m-p/3733209#M87578 <P>AFAIK it should work as long as the smart card driver/software/firmware installed properly and the profile configured properly. Perhaps, these would help you:</P> <UL> <LI> <P><SPAN><A href="https://support.microsoft.com/en-us/help/281245/guidelines-for-enabling-smart-card-logon-with-third-party-certificatio" target="_blank">Guidelines for enabling smart card logon with third-party certification authorities</A></SPAN></P> </LI> <LI> <P><SPAN><A href="https://docs.microsoft.com/en-us/windows/desktop/nativewifi/smart-card-certificate-profile-sample" target="_blank">Smart Card Certificate Profile Sample | Microsoft Docs</A></SPAN></P> </LI> </UL> Thu, 25 Oct 2018 22:37:41 GMT https://community.cisco.com/t5/network-access-control/ise-802-1x-eap-tls-machine-and-smart-card-authentication/m-p/3733209#M87578 hslai 2018-10-25T22:37:41Z