topic Re: EAP-TLS Authentication Policy Set Being Bypassed in Network Access Control

EAP-TLS Authentication Policy Set Being Bypassed

rdc8033 — Tue, 08 Apr 2025 23:32:49 GMT

Cisco ISE 3.2.0.542 Patch 5

Deploying 802.1x on Aruba AOS-CX 8325, MAB Policy Set is working correctly. Authentication method using dot1x and authentication protocol PEAP (EAP-MSCHAPv2) is successful also. Policy Set for EAP-TLS is being bypassed by ISE.

Certificate Authentication Profile has been configured to allow ISE to use certificates for authentication. Tried using a custom Allowed Protocols Services List to only allow EAP-TLS, then tried using the Default Network Access. ISE falls back to MAB authentication. I am going to attach screenshots showing how ISE is configured, the windows supplicant, and snippets from Radius Live logs. Please let me know if anything else would be helpful. Thank you for the assistance with this!

Re: EAP-TLS Authentication Policy Set Being Bypassed

klnnnnng — Wed, 09 Apr 2025 08:02:47 GMT

Please check the following document - https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975-configure-eap-tls-authentication-with-is.html

Re: EAP-TLS Authentication Policy Set Being Bypassed

rdc8033 — Wed, 09 Apr 2025 11:54:07 GMT

When trying to view the document I get 403 invalid page or application.

Re: EAP-TLS Authentication Policy Set Being Bypassed

rdc8033 — Wed, 09 Apr 2025 11:56:44 GMT

I got it to come up, looks like the last "l" in html didn't get hyperlinked.