cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
463
Views
0
Helpful
1
Replies
Kevin Huether
Beginner

ISE/WIFI - 802.1x with machine certificate and user credentials

Hello everyone,

i need help with the wireless configuration on the WLC/ISE/AD GPO of one of our customers.

Currently we are using machine and user authentication with PEAP and it works fine, I can see the machine authentication when the notebook is booted as well as the user authentication when i login to windows.

 

Now we want to change the machine authentication to certificate based since the customer got an own CA (they only have machine certs, no user certs). The certificates are enrolled and i change the policies on ISE and the GPO, but it doesnt work.

 

Right now I am not sure wether I miss something or if its not possible to combine machine cert with user credentials.

Can you help me with this?

 

WLC: 5520 running AireOS v8.10.151.0

ISE: v2.4.0.357

Clients: Windows 10 Notebooks

Supplicant: Windows builtin

 

Thank you in advance!

Best regards,

Kevin Hüther

1 REPLY 1
Arshadsaf
Beginner

Did you completely move to eap-tls or you are going to do certificate validation on eap-peap? eap-tls support only machine and eap-peap only user.

If u want both user and machine to be authenticated you need to deploy eap-teap. If you are to go ahead with eap-teap  please run it on a test bed first then take it to the production as there could be some compatibility issues. If not consider using anyconnect as this will give you more options.

also what does the ISE logs reveal for a failed instance?

Content for Community-Ad