Cisco ISE 3.3 and Entra ID for TEAP(EAPTLS)

appuxavi
Level 1

Team,

We have a scenario in which TEAP (EAP-TLS) is not working with Entra ID. EAP-TLS is working and we could see the certificate details in ISE, but when the client is configured to use TEAP (EAP-TLS), no logs are seen on the client side when running Wireshark. At the same time, ISE is showing TEAP-requested logs. Finally, access is dropped.

  1. Are those machines (laptops) added to Entra ID? – Yes, machines are joined to Entra.
  2. Do we have traditional AD infrastructure in the cloud and are these computers Hybrid Azure AD / Entra ID joined? – Yes, we have traditional AD and machines are hybrid joined to the domain.
  3. Are the user accounts also added to traditional AD infrastructure in the cloud and are these users Hybrid Azure AD / Entra ID joined? – Users are created in AD and synced to Azure AD.

In this case, do we need to integrate traditional AD for TEAP (EAP-TLS) chaining to work properly?

@Greg Gibbs

1 Reply

Arne Bier
VIP

Your problem description is too vague.

Is this wired or wireless?

Show your Windows supplicant configuration.

Not clear what you mean by "we see certificate details in ISE" - do you mean Live Logs?

Share your Live Logs details page.

Share your ISE RADIUS Policy Map details for Authen and Authorization.

The Windows Event Viewer is a good place to view issues related to 802.1X - you have to find the Wired or Wireless supplicant a few levels deep.