10-15-2019 12:21 AM
Hello everyone,
I am learning ISE, installed v2.4 VM, configured EAP-FAST, user is authenticating but the machine is not, wondering if anyone can help.
Source Timestamp | 2019-10-15 06:47:20.505 |
Received Timestamp | 2019-10-15 06:47:20.506 |
Policy Server | ISE1 |
Event | 5200 Authentication succeeded |
Username | wasif,host/Test-Laptop |
Endpoint Id | 00:0C:29:F3:22:33 |
Calling Station Id | 00-0C-29-F3-22-33 |
Endpoint Profile | Microsoft-Workstation |
IPv4 Address | 10.0.10.152 |
Authentication Identity Store | homelab-AD |
Identity Group | Workstation |
Audit Session Id | 0A0063010000002601440902 |
Authentication Method | dot1x |
Authentication Protocol | EAP-FAST (EAP-MSCHAPv2) |
Service Type | Framed |
Network Device | 3560-G |
Device Type | All Device Types#Wired |
Location | All Locations#Chicago |
NAS IPv4 Address | 10.0.100.1 |
NAS Port Id | GigabitEthernet0/1 |
NAS Port Type | Ethernet |
Authorization Profile | homelab-Limited |
Posture Status | Compliant |
Response Time | 5 millisecon |
ConfigVersionId | 79 |
DestinationPort | 1812 |
Protocol | Radius |
NAS-Port | 50001 |
Framed-MTU | 1500 |
State | 37CPMSessionID=0A0063010000002601440902;28SessionID=ISE1/360474437/311; |
NetworkDeviceProfileId | 403ea8fc-7a27-41c3-80bb-27964031a08d |
IsThirdPartyDeviceFlow | false |
AcsSessionID | ISE1/360474437/311 |
UseCase | Eap Chaining |
NACRadiusUserName | wasif |
SelectedAuthenticationIdentityStores | homelab-AD |
SelectedAuthenticationIdentityStores | Internal Endpoints |
SelectedAuthenticationIdentityStores | Internal Users |
SelectedAuthenticationIdentityStores | Guest Users |
AuthenticationStatus | AuthenticationFailed |
IdentityPolicyMatchedRule | homelab 802.1x |
AuthorizationPolicyMatchedRule | CHAINING USER ONLY |
CPMSessionID | 0A0063010000002601440902 |
EndPointMACAddress | 00-0C-29-F3-22-33 |
EapChainingResult | User succeeded and machine failed |
ISEPolicySetName | Wired |
IdentitySelectionMatchedRule | homelab 802.1x |
AD-User-Resolved-Identities | wasif@homelab.local |
AD-User-Candidate-Identities | TEST-LAPTOP$@homelab.local |
AD-User-Join-Point | HOMELAB.LOCAL |
AD-User-Resolved-DNs | CN=wasif,DC=homelab,DC=local |
AD-Groups-Names | homelab.local/Employee |
AD-Groups-Names | homelab.local/Users/Domain Users |
IsMachineIdentity | false |
UserAccountControl | 4096 |
TLSCipher | ECDHE-RSA-AES256-GCM-SHA384 |
TLSVersion | TLSv1.2 |
DTLSSupport | Unknown |
HostIdentityGroup | Endpoint Identity Groups:Profiled:Workstation |
Network Device Profile | Cisco |
Location | Location#All Locations#Chicago |
Device Type | Device Type#All Device Types#Wired |
ExternalGroups | S-1-5-21-630241409-3634873573-2845902898-1106 |
ExternalGroups | S-1-5-21-630241409-3634873573-2845902898-513 |
IdentityAccessRestricted | false |
RADIUS Username | anonymous |
Device IP Address | 10.0.100.1 |
Called-Station-ID | 00:13:C4:3C:D1:01 |
CiscoAVPair | service-type=Framed, audit-session-id=0A0063010000002601440902 |
Please if anyone can help me...giant thank you.
-Wasif.
Solved! Go to Solution.
10-15-2019 05:34 AM
Hi WSB! Do you check your XML file? How should your machine be authenticated?
Regards!
10-15-2019 05:34 AM
Hi WSB! Do you check your XML file? How should your machine be authenticated?
Regards!
10-16-2019 03:04 AM
10-16-2019 01:24 AM
10-16-2019 03:04 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide