cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

197
Views
0
Helpful
2
Replies
Highlighted
Cisco Employee

How do I require client and machine Cert when using EAP-TLS on wireless?

I have the same policy in ISE being used for both wired and wireless authorization. In the wired auths I see both user and computer certificates but on the wireless side I only ever see computer certs being used. How do I change this behavior so that it matches the wired ?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Collaborator

If the computers are only sending computer certificates on Wireless, that is a supplicant configuration issue.  You can create a Wireless GPO to push out the correct supplicant settings.  If using the built-in Microsoft supplicant, there is an option to do "Machine or User Authentication".  It is probably configured to do "Machine Authentication Only".  

View solution in original post

2 REPLIES 2
Highlighted
Collaborator

If the computers are only sending computer certificates on Wireless, that is a supplicant configuration issue.  You can create a Wireless GPO to push out the correct supplicant settings.  If using the built-in Microsoft supplicant, there is an option to do "Machine or User Authentication".  It is probably configured to do "Machine Authentication Only".  

View solution in original post

Highlighted
Cisco Employee

Like Colby.LeMaire said, this depends on the supplicants. Even with Windows native supplicants, the auth mode is configured for individual wireless networks and wired connections.