Cisco ISE – Basic 802.1x With WindowsPart Four – Configuring The Windows Clients (Supplicants)


KB ID 0001083 Dtd 05/07/15


Back in Part Three we setup the switches ready to plug in our clients. I'm going to configure the Windows clients by Group Policy. But I suggest you carry out tests using single Windows clients and LOCAL policy until you know you have everything setup correctly.

WARNING: Rolling this out without adequate testing, can resolve in all your Windows clients falling off the network.Solution

1. On a DC or a machine with the AD management tools installed, open the group management console. Either edit an existing policy or create and link a policy to the OU that contains your client computers.

ISE Network Devices

2. Navigate to;

Computer Configuration > Policies > Windows Settings > Security Settings > Wired Network (IEEE 802.1x) Policies

Create A New Wired Network Policy for Windows Vista and Later Releases.

ISE Switch Radius

3. Configure the following;

General Tab

  • Policy Name: Give the policy a name
  • Description: Optional
  • Use Windows Wired Auto Config service for clients. (Ticked)

Security Tab

  • Enable use of IEEE 802.1X authentication for network access. (Ticked)
  • Select a network authentication method: Microsoft Protected EAP (PEAP)
  • Authentication Mode: User or computer authentication
  • Properties (optional in case you ever use TLS) Add in your Root CA Cert

ISE Switch Radius

4. Navigate to;

Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Wired AutoConfig

Define the policy and set the startup type to 'Automatic'.

ISE Switch Radius

5. Now when you connect a client to a properley configured switch port it will authenticate before if is allowed to join the network. If the machine is not a domain PC, or 802.1x fails then it will get an authentication failed remark on its network card.

ISE Switch Radius

6. OPTIONAL: We have setup 802.1x now, but it is also worth adding RADIUS to the ISE profiling configuration.

ISE Switch Radius

Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On