Re: 802.1X Machine Authentication ONLY Wireless

Richard Lucht · ‎10-25-2017

I am new to 802.1x, we are using Cisco ISE 2.3 in a lab environment and we want to do 802.1x on wireless machine authentication only based on certificates. I am using a WLC 8.2 in this lab setup. The plan is to move to 8.3 once all the access points have been upgraded. Eventually we will also use this on wired connections along with MAB. But for now we are mostly concerned with wireless. I am looking for any help on how I should configure the WLAN and how I should build my policy set along with the PC network settings. Thanks in advance.

Francesco Molino · ‎10-25-2017

Hi

Here a video from labminutes on how to build certificate authentication policies: in new version there minding is quite the same.

http://www.labminutes.com/sec0186_ise_13_wireless_dot1x_eap-tls_peap_1

For all wlc and ise configuration (except certificates), here is a documentation from Cisco:

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/201044-802-1x-authentication-with-PEAP-ISE-2-1.pdf

As you'll authenticate using machine certificate, I bet certificates are sent from AD, don't forget to link your ise with your AD. In the first video they'll show you how to do otherwise you'll have other videos on labminutes website

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

bbiandov · ‎04-21-2019

Extremely useful post which does work in actuality:

http://www.hospitableit.com/howto/wireless-802-1x-for-machine-auth-only-using-nps/