This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
We are currently testing PKI on a device which seems to work successfully.
But what seemed to have broke was it logging the session onto ISE and now our ACAS Scanning failed credential scanning on it. Being a novice with ISE, how would I go about fixing this?
Has anyone else gone this route of doing PKI on Networking Devices with ISE?
Can you elaborate on the use case on how PKI and ISE is used? Is this for Web authentication to a portal or is this for 802.1X?
Apologies for the delayed response but here is more information to the original question. Need to log into network devices including ISE Admin portal with PKI/Token.
We discovered two things when we implemented Pragmasys on a catalyst 2960 switch:
1. It wouldn't no longer rely on TACACS because after the successful login with PKI, it did not show up in TACACS Log
1a. This would break the ACAS/Nessus scanning which also uses TACACS.
2. In two attempts of enabling certificate login instead of username and password, we are successful in getting ISE to prompt for a PIN when my PKI is inserted. PIN seems successful because we then see the warning banner configured. and two button's displayed below: Continue | Close.
Selecting Continue brings up a blank white screen. Not sure how to move forward.
Since then we have reverted the changes and currently log in with username and password.
We could try and test this. Let me check with team if we still have a test window. Will keep you posted on this.