Showing results for 
Search instead for 
Did you mean: 
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

VIP Advisor RJI VIP Advisor
VIP Advisor

Re: Configure Wired 802.1X with NPS

What error do you get when you use a custom template?
Why exactly do you need to use a custom template?
What error (in the NPS server logs) do you get when the computer authentication fails?

I wouldn't use that command, the NPS server is not authenticating the users then, that's not what you want.

What errors (in the NPS server logs) do you get when attempting to authenticate MAB devices? What did you define as the password for these accounts?

Re: Configure Wired 802.1X with NPS

Hi ,

I followed this links    . I defined mac address as username and password in AD.and i also to stored Mac address in NPS.

Everyone's tags (2)

Re: Configure Wired 802.1X with NPS

If you want to authenticate a PC to allow users to connect via wireless and not be prompted for a password after they have logged into the PC, you should use TLS (Smartcard).  However, you will need a PKI (Cert Server) issuing certs to all your PC"s.  At that stage, you might as well do users too. This can be done with the MS Cert server and AD.  But all nodes will have to be hardwired once to pull the cert when they log in.  After they get the cert, you will be good to go. 


One of the most significant issues I have seen with any authentication type is making sure you picked the correct cert under setting highlight your EAP type and click edit.  You will get a popup box.  Make sure you have the correct root cert being used on your NPS policy.  The next one is to change the user and computer Dial-in profile in AD from NPS control to allow access.  I have run into issues when they are set to allow NPS to control policy.  If you use PEAP, you do not need a PKI, but you will need a cert on NPS that is trusted by all your clients.  A third party cert, such as Godaddy, would work because, in most cases, the node will already have GoDaddy as a trusted cert provider.   You will have to make sure that under settings Authentication Methods, you edit your EAP type to match your desired cert.   Remember, you also have to make sure you add your AP (Meraki)  or Wireless controllers to the NPS server.


I hope this helps.