02-24-2019 02:34 PM - edited 02-21-2020 11:02 AM
We are currently testing PKI on a device which seems to work successfully.
But what seems to have broken was it logging the session onto ISE, and now our ACAS scanning failed credential scanning on it. Being a novice with ISE, how would I go about fixing this?
Has anyone else gone this route of doing PKI on Networking Devices with ISE?
03-05-2019 10:36 AM
Can you elaborate on the use case and how PKI and ISE are used? Is this for Web authentication to a portal or is this for 802.1X?
03-20-2019 08:03 PM
Apologies for the delayed response but here is more information to the original question. Need to log into network devices including ISE Admin portal with PKI/Token.
We discovered two things when we implemented Pragmasys on a Catalyst 2960 switch:
1. It would no longer rely on TACACS, because after the successful login with PKI, it did not show up in the TACACS log.
1a. This would break the ACAS/Nessus scanning, which also uses TACACS.
2. In two attempts at enabling certificate login instead of username and password, we were successful in getting ISE to prompt for a PIN when my PKI is inserted. The PIN seems successful because we then see the configured warning banner and two buttons displayed below: Continue | Close.
Selecting Continue brings up a blank white screen. Not sure how to move forward.
Since then we have reverted the changes and currently log in with username and password.
03-05-2019 11:10 AM
03-20-2019 08:06 PM
We could try and test this. Let me check with the team if we still have a test window. Will keep you posted on this.
Thanks!