ISE configuration - memory refresh - EAP authentication

bberry · ‎12-17-2025

OK ... I need a memory refresh. It has been so long since we originally setup our ISE environment that I have forgotten a lot of things. This is specifically addressed to wireless connections but I also think it applies to wired connections. What I am looking for is related to the network authentication method when setting up the 802.x1 authentication piece on a device. I am thinking this is set on the ISE server somewhere I just cannot remember where. I am trying to see if thoinks can be setup to use EAP-TLS. EAP (PEAP) is the default network authentication when setting up 802.1s authentication but I also do not see EAP-TLS specifically in the drop down. EAP-SIM, EAP-TTLS, EAP-AKA, EAP-TEAP are options. The specific question was does out Cisco wireless infrastructure support EAP-TLS authentication. Am I thinking right? Thanks in advance ....

Brent

bberry · ‎12-17-2025

OK .. I think I found it and it looks like we possibly have it configured based upon the following. Can I use this in addition to Peap that we use today? We normally uncheck the certificate box so thinking I my just be missing the certificate pieces?

Cristian Matei · ‎12-18-2025

Hi,

Yes, if EAP-TLS is supported in your Cisco WiFi infrastructure, with ISE as authentication backend server. In the "Allowed protocols" list, you need to check "allow EAP-TLS" if you're using plain EAP-TLS; or, check "allow EAP-TLS" as inner method under "allow PEAP" section, as most probably you're planing to use EAP-TLS as inner method to PEAP.

Thanks,

Cristian.

ISE configuration - memory refresh - EAP authentication

AnyConnect Certificate Based Authentication.

Getting past intermittent/unexplained 802.1x problems on Windows 7

Insights About Multiple Vulnerabilities in Cisco Discovery Protocol Implementations (CDPwn)