https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4566871#M573325 <P>Thanks for your reply...</P><P>My first question is that, is this scenario supported by Cisco?</P><P>My second question is, are the configured policies are correct?</P><P>Yes, I have checked the AD integration, and everything is OK!</P><P>&nbsp;</P> Wed, 09 Mar 2022 07:58:14 GMT rezaalikhani 2022-03-09T07:58:14Z https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4565275#M573270 <P>Hi all;</P><P>Because of some limitations of implementing User-based 802.1X port-based authentication (like, a user cannot change an expired password), I want to implements machine-based 802.1X authentication (based on PEAP - MSCHAPv2). Based on <A href="https://community.cisco.com/t5/security-documents/ise-easy-connect/ta-p/3638861" target="_self">this document</A>, it is a supported scenario. So, I have implemented machine-based 802.1X and now everything looks great. Please look at the following figure:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/145550i74B1067AD9A79863/image-size/large?v=v2&amp;px=999" role="button" title="2.png" alt="2.png" /></span></P><P>I have created the above Authorization Policy for the purpose of this scenario (machine-based 802.1X authentication).</P><P>&nbsp;</P><P>Now, I created the following Authorization Policy for the purpose of implementing EasyConnect:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="3.png" style="width: 994px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/145561iC2E5A89D189637D0/image-size/large?v=v2&amp;px=999" role="button" title="3.png" alt="3.png" /></span></P><P>Although I have enabled the "Passive Identity Tracking" option for "HR_Users" Authorization Profile, when a user in "HR_Users" group logins to the machine, ISE does not match with the above rule!</P><P>&nbsp;</P><P>Any ideas?</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 07 Mar 2022 09:29:38 GMT https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4565275#M573270 rezaalikhani 2022-03-07T09:29:38Z https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4566694#M573318 <P>Is your integration with AD working correctly? It's been a while since I tried this, but I recall that you can see all the events in ISE (if the WMI integration is working)</P> Tue, 08 Mar 2022 21:59:56 GMT https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4566694#M573318 Arne Bier 2022-03-08T21:59:56Z https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4566871#M573325 <P>Thanks for your reply...</P><P>My first question is that, is this scenario supported by Cisco?</P><P>My second question is, are the configured policies are correct?</P><P>Yes, I have checked the AD integration, and everything is OK!</P><P>&nbsp;</P> Wed, 09 Mar 2022 07:58:14 GMT https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4566871#M573325 rezaalikhani 2022-03-09T07:58:14Z https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4567750#M573360 <P>If your ISE is of 2.2 before Patch 17, 2.4 before Patch 13, 2.6 before Patch 7, you might run into a known bug which resolved in these patch releases.</P> Thu, 10 Mar 2022 04:17:20 GMT https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4567750#M573360 hslai 2022-03-10T04:17:20Z https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4568068#M573376 <P>Thanks for your reply;</P><P>&nbsp;</P><P>Can you please give me the link of any docs that help me to implement this scenario?</P><P>&nbsp;</P><P>Thanks</P> Thu, 10 Mar 2022 14:12:03 GMT https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4568068#M573376 rezaalikhani 2022-03-10T14:12:03Z https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4568335#M573396 <P>You can try <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/pic_admin_guide/PIC_admin/PIC_admin_chapter_01011.html" target="_self">this link here</A>.</P> <P>And Labminutes.com h<A href="http://www.labminutes.com/sec0286_ise_22_easy_connect_1" target="_self">as a two part video series</A> where you can watch how it's done (Easy Connect using Passive ID)</P> Thu, 10 Mar 2022 20:16:36 GMT https://community.cisco.com/t5/network-access-control/ise-easyconnect-and-802-1x-machine-authentication-integration/m-p/4568335#M573396 Arne Bier 2022-03-10T20:16:36Z