
Cisco ISE 2.0 Native Supplicant Certificate Issue

Maxim Bezzubov
Level 1

Hi

ISE 2.0. Corp PC joined to the AD, OS Win 8.1. I have created a GPO following this https://technet.microsoft.com/en-us/library/dd759154.aspx

So the computer account authenticates, and after that the user does. It works fine until I enable the option: Validate server certificate. We have bought a public certificate from Thawte for EAP; the Thawte root is distributed via GPO - users trust it.

After the Windows OS has booted, I see this on the switch:

sh authentication sessions interface gi1/0/19 details
Interface: GigabitEthernet1/0/19
MAC Address: xxxx
IPv6 Address: Unknown
IPv4 Address: 10.x.x.x
User-Name: host/notebook.domain.local
Status: Unauthorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Restart timeout: 10s (local), Remaining: 9s
Session Uptime: 170s
Common Session ID: 0A6401090000002303AF7A9D
Acct Session ID: 0x0000001F
Handle: 0x3900000F
Current Policy: POLICY_Gi1/0/19

Local Policies:
Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)

Method status list:
Method State

dot1x Stopped

So machine auth is stuck. I noticed that if I now log in to Windows and just log out, machine auth proceeds correctly, and so does user auth after that.

I couldn't figure out where the bug or misconfiguration is: Windows, ISE or dot1x on the switch.