Solved: Re: EAP-TLS Wireless Authentication for First time Windows Login Users

Richard Poon · ‎12-07-2021

I hope some network experts can give me ideas on how to handle this problem. We have Corporate WiFi for staff access with Cisco Wireless Controller/APs and authentication through ISE. It authenticate with user's SSL Certificate being assigned by Windows CA. All works well except that users need to connect to wired network for first time login to Windows and enrol user certificate before being able to connect the WiFi.

Currently, we have some users requiring WiFi access without any wired connection available for first time login. Is it possible to enable WiFi restricted access for the user to do that before gaining full access to network?

Thanks a lot

Richard

Greg Gibbs · ‎12-07-2021

This is due to the order of operations for the Windows supplicant 802.1x start vs. GPO load. See a similar discussion and suggestions in the following post.

ISE Deployment EAP-TLS Machine or User Certificates Native Supplicant

If the SSID is secured by 802.1x, the client must complete a successful 802.1x authentication to connect.

View solution in original post

Greg Gibbs · ‎12-07-2021

This is due to the order of operations for the Windows supplicant 802.1x start vs. GPO load. See a similar discussion and suggestions in the following post.

ISE Deployment EAP-TLS Machine or User Certificates Native Supplicant

If the SSID is secured by 802.1x, the client must complete a successful 802.1x authentication to connect.

Richard Poon · ‎12-10-2021

Thanks a lot Greg. That make sense. I will take a look on it. Hope to find a solution for this.

Richard

Peter Koltl · ‎12-12-2021

Native Supplicant Provisioning