I need this condition, I know when I disable this WiFi works but my objective is to make it work using "was machine authenticated" feature.
My clients have 2 types of certs on their machine one is user specific and other is machine specific. In case I do not use "was machine authenticated" condition, user can connect using user specific cert only which I dont want.
I want machine to be authenticated and not user before it is connected to WiFI
The purpose of the "wasmachineauthenticated" attribute is for user authentication, this is your typical "chicken or the egg" scenario since machine authentication needs to be performed without this attribute for successful authentication.
When successful machine authentication occurs there is a MAR cache within ACS uses to track the mac address of the device. In your case you are forcing ACS to look for a "WasMachineAuthenticated" during the initial machine authentication which will not succeed.
In my experience it is best to set this in environments where users' can only authenticate through registered workstations (typically machines that are joined to AD), so when a user attempts to use their 802.1x credentials on a smart phone or non-registered asset, they get denied since the device does not have machine credentials to join the network.
I hope this bring some clarification to Edward's recommendation.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :