02-24-2019 02:34 PM - edited 02-21-2020 11:02 AM
We are currently testing PKI on a device which seems to work successfully.
But what seems to have broken is the logging of the session onto ISE, and now our ACAS scanning has failed credential scanning on it. Being a novice with ISE, how would I go about fixing this?
Has anyone else gone this route of doing PKI on Networking Devices with ISE?
03-05-2019 10:36 AM
Can you elaborate on the use case and how PKI and ISE are used? Is this for Web authentication to a portal or is this for 802.1X?
03-20-2019 08:03 PM
Apologies for the delayed response but here is more information to the original question. Need to log into network devices including ISE Admin portal with PKI/Token.
We discovered two things when we implemented Pragmasys on a Catalyst 2960 switch:
1. It would no longer rely on TACACS, because after the successful login with PKI, it did not show up in the TACACS log.
1a. This would break the ACAS/Nessus scanning, which also uses TACACS.
2. In two attempts at enabling certificate login instead of username and password, we were successful in getting ISE to prompt for a PIN when my PKI is inserted. The PIN seems successful because we then see the configured warning banner, with two buttons displayed below it: Continue | Close.
Selecting Continue brings up a blank white screen. Not sure how to move forward.
Since then we have reverted the changes and currently log in with username and password.
03-05-2019 11:10 AM
03-20-2019 08:06 PM
We could try and test this. Let me check with the team whether we still have a test window. Will keep you posted on this.
Thanks!