Re: Wired EAP-FAST User Machine authentication

ansarjavaid54 · ‎03-31-2019

Dears,

I am trying to authenticate my domain PC's/users with ISE and am using Any-connect 4.2 with eap-fast user and machine authentication.

Everything was working with window 7 until I re-image two nodes from 1.4 to 2.2 and restore ISE configs. I have window 7 which is in process to upgrade to window 10.

ISSUE:
1. After signing out window 10 machine authentication is happening and getting right result but after signing in with domain user posture is not working after looping its saying no policy server found. For it to work i have to click on NAM profile once more to re authenticate and in that case its starting its posture check.

2. Some machines are not even authenticating even i did restart, sign out. No session is showing on switch-port.
3. Some machine on authentication getting IPV6 logo only because we are not using IPv6 in the environment.

Mike.Cifelli · ‎04-01-2019

Try using NAM profile editor to change configuration.xml to enable port exceptions (allow data traffic before authentication). Are you performing VN or vlan changes during the authz process? For example, restricted access in one vlan until posture status is compliant.

bassam · ‎04-02-2019

Hi Mike.

Thank you for the reply. Yes suggested option is already enabled and am using dACL to restrict instead of VLAN.

ansarjavaid54 · ‎04-02-2019

"Ansar"