I have wireless clients using iPads who authenticate using EAP-TLS. I have a network policy setup for them and the conditions are currently set to NAS Port Type: Wireless-IEEE 802.11 and a User Group. That works fine but some of my users match other Network policies when they connect. I would like to add additional conditions to make sure they are using the correct policy. When I check the logs for successful authentications I see the following in the entries.
Authentication Type: EAP
EAP Type: Microsoft: Smart Card or other certificate
I've tried adding Authentication Type = EAP and Allowed EAP Types = Microsoft: Smart Card or other certficate. When a client tries to authenticate while those conditions are in the Network policy they skip over the policy and fail on a different one.
This seems like it should be straight forward but I'm not sure what I'm doing wrong. Am I just entering in the wrong options for the conditions?
Thanks