03-26-2019 12:38 AM
in my wired network and with the help of an ISE I have authentication with a trusted certificate. Users authenticate to the certificate with a user and password. Once you do loggin you can surf without problem.
but I have a doubt there is the possibility that those work stations that do not have the certificate installed ignore the certificate, that is, not authenticate ???
Can I do it through a policy in the ISE ???
03-26-2019 01:17 AM
03-26-2019 08:12 AM
03-28-2019 06:07 AM
In that case the certificate is not involved (no eap-tls).
In your case it is PEAP (EAP-MSCHAPv2) which requires user and pass.
you can create an authentication policy to authenticate the username against AD for example.
and in the authorization policy you can specifiy that if the user is part of an AD group example /employees then apply Dacl, vlan ...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide