Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
561
Views
0
Helpful
0
Replies

ISE Authentication Policy

GRANT3779
Spotlight
Spotlight

‎03-28-2017 07:26 AM - edited ‎03-11-2019 12:34 AM

Hi,

Just trying to ensure I am understanding the authentication policy that I see as default -

Authentication Policy -

Dot1x - If Wired_802.1x OR Wireless_802.1x Allowed Protocols - Default Network Access  (Default Network Access has pretty much everything ticked)

Use - All_user_id_stores    (In there we have Internal, All AD join points, Guest Users)

What exactly will pass this policy?

Does this mean that if my client supplicant was using PEAP/EAP-TLS - will ISE look at the "Default Network Access" results to see if these protocols are allowed? If EAP-TLS was not configured/ticked in my Default Network Access results I assume the authentication would fail?

How is my client/supplicant cert (EAP-TLS) authenticated when ISE looks at the All_user_id_store? Does ISE match the cert against a locally configured/installed cert or AD?

Thanks

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents