Hi,
Just trying to ensure I am understanding the authentication policy that I see as default -
Authentication Policy -
Dot1x - If Wired_802.1x OR Wireless_802.1x Allowed Protocols - Default Network Access (Default Network Access has pretty much everything ticked)
Use - All_user_id_stores (In there we have Internal, All AD join points, Guest Users)
What exactly will pass this policy?
Does this mean that if my client supplicant was using PEAP/EAP-TLS - will ISE look at the "Default Network Access" results to see if these protocols are allowed? If EAP-TLS was not configured/ticked in my Default Network Access results I assume the authentication would fail?
How is my client/supplicant cert (EAP-TLS) authenticated when ISE looks at the All_user_id_store? Does ISE match the cert against a locally configured/installed cert or AD?
Thanks