cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
217
Views
0
Helpful
3
Replies
Highlighted
Collaborator
Collaborator

Certificate authentication also need to be domain joined?

Hi, 

 

Does a device joining the wireless corp network using certificate authentication also need to be domain joined or is it just a certificate based check?

 

Thanks 

Everyone's tags (1)
3 REPLIES 3
Highlighted
Beginner

Re: Certificate authentication also need to be domain joined?

It depends entirely on the specific configuration.

 

You could just have the radius server validating whether the certificate is present, in which case it could be a domain enrolled laptop or an iphone, so long as it has a cert it is allowed on.

 

You could also have a rule that stated it must have a valid certificate and be domain enrolled.

Highlighted
Collaborator
Collaborator

Re: Certificate authentication also need to be domain joined?

Thanks a lot for your response. 

 

If the SSID is configured with - [WPA2][Auth(802.1X)] and using ISE. 

 

How can I check if a device joining the wireless corp network using certificate authentication also need to be domain joined or is it just a certificate based check?

Highlighted
VIP Advocate

Re: Certificate authentication also need to be domain joined?

You have to check the policy on the ISE. If you check there for valid domain membership, then yes, the device must be joined. If you only check the validity of the certificate, then no, the device doesn't need to be joined.
CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey