Solved: Re: Cisco ISE 2.4 Identity not resolving hostname - Breaking EAPTLS Lookup

NicholasSansone8139 · ‎04-30-2020

Hello,

I have ISE setup for our wired and wireless network. For our wireless network and wired networks, it will query AD to see if the device belongs to the membership of a specific group.

Device Connects > Checks group Membership > Moves to defined VLAN

For our Wired devices, they Identity that is coming back on the live logs is the MAC address of the device, not the device name. For example,

Wireless success: host\hostname.domain

Wired success with MAB only: MAC Address, does not resolve the hostname

Since the certificate is tired to the hostname, EAPTLS is not working. It doesn't appear that it is looking up the device identity and tying it to the Active Directory identity of the device.

AD is synced with ISE, but is there some way to import devices that I am missing?

Thank you!

Francesco Molino · ‎04-30-2020

Hi

Have you started the wired autoconfig service to enable dot1x? What configuration have you applied to the wired supplicant?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎04-30-2020

Hi

Have you started the wired autoconfig service to enable dot1x? What configuration have you applied to the wired supplicant?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

NicholasSansone8139 · ‎05-01-2020

That was exactly the issue. Thanks!

Francesco Molino · ‎05-04-2020

Great to know that helped.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question