802.1X Windows
Project Summary
| Field | Value |
|---|---|
PRJ ID |
PRJ-SPOKE-003 |
Owner |
Evan Rosado |
Priority |
P1 (High) |
Status |
Active |
Repository |
|
Antora Component |
|
Antora Title |
ISE Windows 802.1X |
Category |
Network Security |
2026 Commits |
18 |
Site URL |
Purpose
The ISE Windows component documents 802.1X EAP-TLS and TEAP authentication for Windows endpoints against Cisco ISE. It covers Vault PKI certificate enrollment for Windows, the native Wired AutoConfig (dot3svc) supplicant, Group Policy-based 802.1X configuration, and Windows certificate store management via PowerShell.
This is the Windows counterpart to the ise-linux spoke, sharing the same ISE policy infrastructure but with platform-specific supplicant and PKI workflows.
Scope
In Scope
-
Windows Wired AutoConfig (dot3svc) 802.1X supplicant setup
-
EAP-TLS and TEAP profile configuration
-
Vault PKI certificate enrollment for Windows (PowerShell)
-
Certificate store management (LocalMachine\My, Root, CA)
-
Group Policy 802.1X deployment
-
WiFi 802.1X (Domus-Secure SSID)
-
Root CA and issuing CA trust chain installation
-
Troubleshooting Windows 802.1X failures
Out of Scope
-
Linux 802.1X (covered by
ise-linux) -
ISE policy administration (covered by
ise-ops) -
General Windows administration (covered by
windows-ops)
Status
| Indicator | Detail |
|---|---|
Activity Level |
Active — 18 commits, foundational content |
Maturity |
Early — TEAP profile and Vault PKI integration documented |
Last Activity |
2026 |
Key Milestone |
TEAP profile (Domus-Secure-TEAP) and legacy ROOT-CA migration |
Deployment Status |
Methodology in development, home lab validated |
Metadata
| Field | Value |
|---|---|
PRJ ID |
PRJ-SPOKE-003 |
Author |
Evan Rosado |
Date Created |
2026-03-30 |
Last Updated |
2026-03-30 |
Status |
Active |
Next Review |
2026-04-15 |