Cisco Community
English
Register
LEARN MORE about Cisco's cybersecurity announcements this week
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2308
Views
35
Helpful
17
Replies
RJI
VIP Advisor RJI VIP Advisor
VIP Advisor
‎03-27-2019 06:12 AM
‎03-27-2019 06:12 AM

Re: Configure Wired 802.1X with NPS

What error do you get when you use a custom template?
Why exactly do you need to use a custom template?
What error (in the NPS server logs) do you get when the computer authentication fails?

I wouldn't use that command, the NPS server is not authenticating the users then, that's not what you want.

What errors (in the NPS server logs) do you get when attempting to authenticate MAB devices? What did you define as the password for these accounts?
Reply
MrBeginner
MrBeginner Participant
Participant
‎03-27-2019 06:26 PM
‎03-27-2019 06:26 PM

Re: Configure Wired 802.1X with NPS

Hi ,

I followed this links    . I defined mac address as username and password in AD.and i also to stored Mac address in NPS.

Everyone's tags (2)
0 Helpful
Reply
Kombi
Kombi Beginner
Beginner
‎10-06-2019 01:16 PM
‎10-06-2019 01:16 PM

Re: Configure Wired 802.1X with NPS

If you want to authenticate a PC to allow users to connect via wireless and not be prompted for a password after they have logged into the PC, you should use TLS (Smartcard).  However, you will need a PKI (Cert Server) issuing certs to all your PC"s.  At that stage, you might as well do users too. This can be done with the MS Cert server and AD.  But all nodes will have to be hardwired once to pull the cert when they log in.  After they get the cert, you will be good to go. 

 

One of the most significant issues I have seen with any authentication type is making sure you picked the correct cert under setting highlight your EAP type and click edit.  You will get a popup box.  Make sure you have the correct root cert being used on your NPS policy.  The next one is to change the user and computer Dial-in profile in AD from NPS control to allow access.  I have run into issues when they are set to allow NPS to control policy.  If you use PEAP, you do not need a PKI, but you will need a cert on NPS that is trusted by all your clients.  A third party cert, such as Godaddy, would work because, in most cases, the node will already have GoDaddy as a trusted cert provider.   You will have to make sure that under settings Authentication Methods, you edit your EAP type to match your desired cert.   Remember, you also have to make sure you add your AP (Meraki)  or Wireless controllers to the NPS server.

 

I hope this helps.

Reply
Latest Contents
How to find/get the registration key from FTD
Created by Eahwar34 on 12-06-2019 03:14 AM
0
0
0
0
We are in need of finding registration key used for our FTD , unfortunately we have forget the key and also it is encrypted . How to find the key from FTD ?
ISE My Devices & Sponsor Portal as a User Change Password Po...
Created by Jason Kunst on 12-05-2019 10:24 AM
0
0
0
0
This is to address those customers coming to ISE from ACS or new to ISE that need a password change portal (UCP) What are the licensing requirements for this solution? My Devices - For using the password change with My Devices you need plus licenses as ... view more
WHITEPAPER - Firepower Threat Defense Cloud Management with ...
Created by Marvin Rhoads on 11-29-2019 07:57 PM
0
10
0
10
  Overview   In this paper we will document the configuration and operation of an integrated solution that includes identity management, firewall, cloud-based management, and cloud-based logging. We will use the following Cisco products: Fu... view more
How Does Cisco Defense Orchestrator Manage Firepower Threat ...
Created by suhegade on 11-26-2019 09:06 PM
0
0
0
0
These days everything is in the cloud. We all know that Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. Using Cisco Defense Orchestrator (CDO), you can manage physical or virt... view more
How Does Cisco Defense Orchestrator Manage Adaptive Security...
Created by suhegade on 11-26-2019 09:03 PM
0
10
0
10
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that provides a simple, consistent, and highly secure way of managing security policies on all your ASA devices. CDO helps you optimize your ASA environment by identifying problems wi... view more
CreatePlease to create content
Discussion
Blog
Document
Video