cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

88
Views
0
Helpful
3
Replies
Beginner

Wired EAP-FAST User Machine authentication

Dears,

I am trying to authenticate my domain PC's/users with ISE and am using Any-connect 4.2 with eap-fast user and machine authentication.

Everything was working with window 7 until I re-image two nodes from 1.4 to 2.2 and restore ISE configs. I have window 7 which is in process to upgrade to window 10.

ISSUE:
1. After signing out window 10 machine authentication is happening and getting right result but after signing in with domain user posture is not working after looping its saying no policy server found. For it to work i have to click on NAM profile once more to re authenticate and in that case its starting its posture check.

2. Some machines are not even authenticating even i did restart, sign out. No session is showing on switch-port.
3. Some machine on authentication getting IPV6 logo only because we are not using IPv6 in the environment.

Everyone's tags (2)
3 REPLIES 3
Rising star

Re: Wired EAP-FAST User Machine authentication

Try using NAM profile editor to change configuration.xml to enable port exceptions (allow data traffic before authentication). Are you performing VN or vlan changes during the authz process? For example, restricted access in one vlan until posture status is compliant.
Beginner

Re: Wired EAP-FAST User Machine authentication

Hi Mike.

Thank you for the reply. Yes suggested option is already enabled and am using dACL to restrict instead of VLAN.

Highlighted
Beginner

Re: Wired EAP-FAST User Machine authentication

"Ansar"