EAP-TEAP: First time user login/chicken & egg scenario

DanMN
Level 1

Hi

 

Does EAP-TEAP solve the first time user login scenario when using EAP-TLS?

 

So, you image a new Windows PC, it gets the machine certificate and always authenticates fine. Then, a new user is given that device that's authenticated successfully and tries to log in. The authentication fails because the User certificate isn't downloaded before network access is taken away.

 

I know you can put an ISE chaining policy with 'user failed, machine successful'. Will the device keep this access when the user auth fails so the certificate can be downloaded? And if the certificate has downloaded, will it attempt another User authentication so that SGTs/ACLs can be applied? Or would they need to log off/have the 'user failed, machine successful' policy force re-authentication?

 

Thanks

2 Accepted Solutions