02-01-2021 06:29 AM
Hi
I have Cisco ISE (2.7 patch 2) and need to deploy PEAP with MS-CHAPv2 with server certificate verification. I need to force the Microsoft Windows 10 supplicant to verify the server certificate. The current deployment allows the Windows 10 supplicant to join the network without verifying the server certificate. How can I make Cisco ISE force the Windows 10 supplicant to validate the server certificate before it is allowed access to the network, so that it cannot join the network if the supplicant does not verify the server certificate?
02-01-2021 05:06 PM - edited 02-01-2021 05:08 PM
Ahh, I understand the question now. This is 100% a client-side verification and, as I understand, ISE has no visibility into this. The only option I could think of is to use the AnyConnect Network Access Module (NAM) as the supplicant instead. Then use ISE Posture to enforce the download of the appropriate XML config file, which would then enforce the certificate validation check.
02-01-2021 07:02 AM
Please take a look at the ISE Secure Wired Access Prescriptive Deployment Guide and search for "Configuring Microsoft Windows 10 for Wired 802.1X".
Hope this helps !!!
02-01-2021 12:41 PM
Top check box in the screenshot below. Then also select the issuing CA in the list.
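Added example, not part of the original thread: since the check box and CA selection described above live only on the client, one way to confirm them across machines is to audit exported 802.1X profiles (for example from `netsh lan export profile`). It assumes the PEAP element names Windows 10 writes into such exports; the sample profiles, thumbprint, and server name are constructed, and the server-name and prompt checks go beyond what the thread mentions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the PEAP part of an exported profile, trimmed to the
# elements the audit reads. The thumbprint is a placeholder, not a real CA.
TEMPLATE = """<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
  <ServerValidation>
    <DisableUserPromptForServerValidation>{noprompt}</DisableUserPromptForServerValidation>
    <ServerNames>{names}</ServerNames>
    {root}
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
  </PeapExtensions>
</EapType>"""
ROOT = "<TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>"
HARDENED = TEMPLATE.format(noprompt="true", names="ise.example.test", root=ROOT, validate="true")
WEAK = TEMPLATE.format(noprompt="false", names="", root="", validate="false")


def audit_peap_profile(xml_text):
    """Return a list of findings; an empty list means validation is enforced."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace
        values.setdefault(name, []).append((el.text or "").strip())

    def all_true(name):
        found = values.get(name, [])
        return bool(found) and all(v.lower() == "true" for v in found)

    findings = []
    if not all_true("PerformServerValidation"):   # the "top check box"
        findings.append("server certificate is not validated")
    if not any(values.get("TrustedRootCA", [])):  # issuing CA not selected
        findings.append("no issuing/root CA selected")
    if not any(values.get("ServerNames", [])):
        findings.append("no server name restriction")
    if not all_true("DisableUserPromptForServerValidation"):
        findings.append("user may be prompted to trust an unknown server")
    return findings


if __name__ == "__main__":
    for label, profile in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_peap_profile(profile) or "OK")
```
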
02-01-2021 03:48 PM