Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
486
Views
0
Helpful
3
Replies

Certificate authentication also need to be domain joined?

omz
VIP Alumni
VIP Alumni

‎11-13-2018 03:46 AM - edited ‎07-05-2021 09:26 AM

Hi, 

 

Does a device joining the wireless corp network using certificate authentication also need to be domain joined or is it just a certificate based check?

 

Thanks 

Labels:
0 Helpful
3 Replies 3

Mikey Boy
Level 1
Level 1

‎11-13-2018 03:54 AM

It depends entirely on the specific configuration.

 

You could just have the radius server validating whether the certificate is present, in which case it could be a domain enrolled laptop or an iphone, so long as it has a cert it is allowed on.

 

You could also have a rule that stated it must have a valid certificate and be domain enrolled.

0 Helpful

omz
VIP Alumni
VIP Alumni
In response to Mikey Boy

‎11-14-2018 02:46 AM

Thanks a lot for your response. 

 

If the SSID is configured with - [WPA2][Auth(802.1X)] and using ISE. 

 

How can I check if a device joining the wireless corp network using certificate authentication also need to be domain joined or is it just a certificate based check?

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to omz

‎11-14-2018 06:51 AM

You have to check the policy on the ISE. If you check there for valid domain membership, then yes, the device must be joined. If you only check the validity of the certificate, then no, the device doesn't need to be joined.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card