Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2505
Views
5
Helpful
3
Replies

EAP-TLS Wireless Authentication for First time Windows Login Users

Go to solution
Richard Poon
Level 1
Level 1

‎12-07-2021 02:22 PM

I hope some network experts can give me ideas on how to handle this problem.  We have Corporate WiFi for staff access with Cisco Wireless Controller/APs and authentication through ISE.  It authenticate with user's SSL Certificate being assigned by Windows CA.  All works well except that users need to connect to wired network for first time login to Windows and enrol user certificate before being able to connect the WiFi.

Currently, we have some users requiring WiFi access without any wired connection available for first time login.  Is it possible to enable WiFi restricted access for the user to do that before gaining full access to network?

 

Thanks a lot

Richard

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎12-07-2021 02:33 PM

This is due to the order of operations for the Windows supplicant 802.1x start vs. GPO load. See a similar discussion and suggestions in the following post.

ISE Deployment EAP-TLS Machine or User Certificates Native Supplicant 

If the SSID is secured by 802.1x, the client must complete a successful 802.1x authentication to connect.

View solution in original post

3 Replies 3

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎12-07-2021 02:33 PM

This is due to the order of operations for the Windows supplicant 802.1x start vs. GPO load. See a similar discussion and suggestions in the following post.

ISE Deployment EAP-TLS Machine or User Certificates Native Supplicant 

If the SSID is secured by 802.1x, the client must complete a successful 802.1x authentication to connect.

Go to solution
Richard Poon
Level 1
Level 1

‎12-10-2021 07:19 AM

Thanks a lot Greg.  That make sense.  I will take a look on it.  Hope to find a solution for this.

 

Richard

0 Helpful

Go to solution
Peter Koltl
Level 7
Level 7

‎12-12-2021 02:32 AM

Native Supplicant Provisioning

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents