https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4979224#M585751 <P>Hi!</P><P>We are using ISE to authenticate computers connecting to our LAN using EAP-TLS and share those authenticated identities over PxGrid with 3rd party products.</P><P>The problem we are hitting is PxGrid shares those identities as user identities and not as machine identities. Is there any way to influence that?</P><P>This is working fine on MAB authenticated computers, as their identities are shared by the PxGrid as machine identity.</P><P>Thanks in advance.</P> Fri, 15 Dec 2023 15:38:23 GMT Ezequ!el 2023-12-15T15:38:23Z https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4979224#M585751 <P>Hi!</P><P>We are using ISE to authenticate computers connecting to our LAN using EAP-TLS and share those authenticated identities over PxGrid with 3rd party products.</P><P>The problem we are hitting is PxGrid shares those identities as user identities and not as machine identities. Is there any way to influence that?</P><P>This is working fine on MAB authenticated computers, as their identities are shared by the PxGrid as machine identity.</P><P>Thanks in advance.</P> Fri, 15 Dec 2023 15:38:23 GMT https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4979224#M585751 Ezequ!el 2023-12-15T15:38:23Z https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4979249#M585756 <P>can you share a live log detail for your EAP-TLS successful authentication</P> <P>&nbsp;</P> Fri, 15 Dec 2023 16:17:02 GMT https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4979249#M585756 Ambuj M 2023-12-15T16:17:02Z https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4983499#M585867 <P>Hi,</P><P>I am Ezequiel's colleague. All of our clients have these problems.</P><P>I hope you mean the following:</P><P>Authentication Details</P><TABLE border="0"><TBODY><TR><TD>Source Timestamp</TD><TD>2023-12-22 02:26:03.652</TD></TR><TR><TD>Received Timestamp</TD><TD>2023-12-22 02:26:03.652</TD></TR><TR><TD>Policy Server</TD><TD>cisco-ise</TD></TR><TR><TD>Event</TD><TD>5200 Authentication succeeded</TD></TR><TR><TD>Username</TD><TD>pc.local.domain</TD></TR><TR><TD>Endpoint Id</TD><TD>99:62:26:BF:99:D3</TD></TR><TR><TD>Calling Station Id</TD><TD>45-32-99-AD-99-D3</TD></TR><TR><TD>Endpoint Profile</TD><TD>HP-Device</TD></TR><TR><TD>IPv4 Address</TD><TD>10.98.98.98</TD></TR><TR><TD>IPv6 Address</TD><TD>xxxx</TD></TR><TR><TD>Identity Group</TD><TD>Profiled</TD></TR><TR><TD>Audit Session Id</TD><TD>5EA772359700991A8F32A868</TD></TR><TR><TD>Authentication Method</TD><TD>dot1x</TD></TR><TR><TD>Authentication Protocol</TD><TD>EAP-TLS</TD></TR><TR><TD>Service Type</TD><TD>Framed</TD></TR><TR><TD>Network Device</TD><TD>switch123.local.domain</TD></TR><TR><TD>Device Type</TD><TD>All Device Types#SDA</TD></TR><TR><TD>Location</TD><TD>All Locations#GER</TD></TR><TR><TD>NAS IPv4 Address</TD><TD>10.99.99.99</TD></TR><TR><TD>NAS Port Id</TD><TD>GigabitEthernet1/0/1</TD></TR><TR><TD>NAS Port Type</TD><TD>Ethernet</TD></TR><TR><TD>Authorization Profile</TD><TD>Result_SGT123</TD></TR><TR><TD>Security Group</TD><TD>SGT123</TD></TR><TR><TD>Response Time</TD><TD>11&nbsp;milliseconds</TD></TR></TBODY></TABLE><P>Many thanks and best regards</P><P>Uli</P> Fri, 22 Dec 2023 09:12:32 GMT https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4983499#M585867 Uli1412 2023-12-22T09:12:32Z https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4986540#M585914 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/279126">@Ezequ!el</a>&nbsp;and&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1654644">@Uli1412</a>&nbsp;The session info sent from ISE via pxGrid does indicate whether the auth sessions resulted from computer/machine auth. Until Firepower able to consume such correctly, please separate the ISE deployments if possible.</P> Thu, 28 Dec 2023 18:45:52 GMT https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4986540#M585914 hslai 2023-12-28T18:45:52Z https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4993643#M586213 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/113005">@hslai</a>&nbsp;</P><P>Thanks for your answer!</P><P>What do you mean by "seperate the ISE deployments"?&nbsp;</P> Wed, 10 Jan 2024 13:15:18 GMT https://community.cisco.com/t5/network-access-control/ise-eap-tls-identities-send-over-pxgrid-as-user/m-p/4993643#M586213 Uli1412 2024-01-10T13:15:18Z