Cisco ISE – Basic 802.1x With WindowsPart Four – Configuring The Windows Clients (Supplicants)

KB ID 0001083 

Problem

Back in Part Three we setup the switches ready to plug in our clients. I’m going to configure the Windows clients by Group Policy. But I suggest you carry out tests using single Windows clients and LOCAL policy until you know you have everything setup correctly.

WARNING: Rolling this out without adequate testing, can resolve in all your Windows clients falling off the network

Solution

1. On a DC or a machine with the AD management tools installed, open the group management console. Either edit an existing policy or create and link a policy to the OU that contains your client computers.

ISE Network Devices

2. Navigate to;

Computer Configuration > Policies > Windows Settings > Security Settings > Wired Network (IEEE 802.1x) Policies

Create A New Wired Network Policy for Windows Vista and Later Releases.

ISE Switch Radius

3. Configure the following;

General Tab

  • Policy Name: Give the policy a name
  • Description: Optional
  • Use Windows Wired Auto Config service for clients. (Ticked)

Security Tab

  • Enable use of IEEE 802.1X authentication for network access. (Ticked)
  • Select a network authentication method: Microsoft Protected EAP (PEAP)
  • Authentication Mode: User or computer authentication
  • Properties (optional in case you ever use TLS) Add in your Root CA Cert

ISE Switch Radius

4. Navigate to;

Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Wired AutoConfig

Define the policy and set the startup type to ‘Automatic’.

ISE Switch Radius

5. Now when you connect a client to a properley configured switch port it will authenticate before if is allowed to join the network. If the machine is not a domain PC, or 802.1x fails then it will get an authentication failed remark on its network card.

ISE Switch Radius

6. OPTIONAL: We have setup 802.1x now, but it is also worth adding RADIUS to the ISE profiling configuration.

ISE Switch Radius

Related Articles, References, Credits, or External Links

NA

Author: Migrated

Share This Post On