Lab Topology:
As you can see below, user David prefers to connect to LAN over EAP-TLS, but Simon prefers to connect over the LAN using PEAP.
User David
Configured to use EAP-TLS based authentication.
User Simon
Configured to use PEAP Authentication
Authentication Setting
- We need to integrate Active Directory with Cisco ISE, as shown below, for PEAP authentication.
- We also need to setup Certificate based Authentication for EAP-TLS Users
- The most important part to allow both EAP-TLS and PEAP to operate together is to perform below step.
ISE Policy configuration
- Setup Authorisation profile, which will enable pushing Dynamic VLAN into the Cisco IOS switch for both EAP-TLS and PEAP Users.
2. Authentication and Authorisation profiles
- Create a single authentication policy for EAP-TLS and PEAP
- Create Authorisation Policy.
Verification