08-28-2019 10:53 AM - edited 08-28-2019 10:54 AM
I currently have ISE 2.4 setup with 802.1x for wired authentication using PEAP with EAP-MSCHAP v2. This works great. Recently my System Admin team rolled out credential guard, this causes the EAP-MSCHAP to not work. I need to now do EAP-TLS, certificate based.
On Windows 10, I changed the authentication method to Microsoft: Smart Card or other certificate. Now when I plug in a laptop or desktop, the NIC instantly says Authentication Failed. Any ideas?
Solved! Go to Solution.
09-03-2019 01:01 PM
09-03-2019 01:04 PM
Thanks everyone for your help. I was missing the machine cert AND the user cert for authentication. Without those on the supplicant, it wont even initiate the process. I was able to get this going, I have a rule as well in ISE where it attempts the EAP-TLS first, then the PEAP process. All is working fine now.
08-28-2019 11:02 AM
08-28-2019 09:25 PM
By default, Windows does not enable EAP on the wired interfaces. You have to enable this under the Windows Services (Wired AutoConfig). Once you have done that, go to the Ethernet adapter and then check the new Security tab that has appeared. Has the supplicant been provisioned?
08-29-2019 08:35 AM
I do have the WIred AutoConfig set, so I do see the Authentication tab. I am using the native windows 10 supplicant. My system admins are quite sure what settings to have set and checked. I see there are 2 places to have the Smart card or certificate selected. What should the windows settings be set to?
09-03-2019 01:01 PM
09-03-2019 01:04 PM
Thanks everyone for your help. I was missing the machine cert AND the user cert for authentication. Without those on the supplicant, it wont even initiate the process. I was able to get this going, I have a rule as well in ISE where it attempts the EAP-TLS first, then the PEAP process. All is working fine now.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide