Wired auto config need to be configured on windows to enable 802.1x services on wired interface. The configuration can be configured locally on a system and if its a domain joined machine it can be configured using GPO. In this post we will learn local configuration of the wired auto config.
Window Machine wired auto config for 802.1x authentication
Step 1> We need to enable dot1x service on the PC. Go to run and type services.msc and hit enter.
Double click on wired auto config and under general tab change the startup type to automatic, click apply and click ok.
Step 2> Configure interface for dot1x authentication. Go to run and type ncpa.cpl and hit enter.
Right click on the wired nic and click on properties.
A new authentication tab will start appearing. Select Enable IEEE 802.1x Authentication.
Click on Setting next to authentication method. Un-select validate server certificate, this we need to do only in case Cisco ISE EAP certificate is trusted by endpoint, if we have public CA signed certificate or internal CA signed certificate then we don’t need to un-select.
Select the authentication method as EAP-MSCHAP v2 and click configure, Select automatically use my windows logon name and password. With this setting whatever username password user have entered to login into the windows machine those credentials will be used to authenticate the users.
Click ok and then click on Additional setting, There are couple of options given we can select based on what we want to do
1> User authentication: This will validate the user credentials only.
2> Computer Authentication : Authenticate the machine which users is using to access the network. This will make sure user is using domain joined machine to access resources.
3> User or computer authentication: This will validate the user and Machine as well.
This completes the wired auto config for windows.
Note: If setting are disabled from GPO then we would have to configure the setting using GPO.