Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1924
Views
50
Helpful
2
Replies

Cisco ISE 802.1X with MAB Wireless authentication

Go to solution
ezzaariyouness
Level 1
Level 1

ā€Ž02-27-2022 04:28 AM

Hello ;

actually, I'm setting up wireless authentication On cisco ISE 3.0 with 802.1X MS-CHAPv2 and MAB, but it's not working.

my objective it's authenticating users based on the username/password and MAC  for this I apply it to the authentication Policy.

I'm sure that I'm doing something incorrectly.

find attached the policy that I created.

can you please help me create this correctly?

 

Best regards

Younes

Preview file
63 KB
Preview file
64 KB
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

ā€Ž02-27-2022 05:09 AM

@ezzaariyouness change the policy set condition to Wireless_8021x OR Wireless_MAB, the supplicant is only ever going to do one at time.

 

If you want to combine valid Username/Password (802.1x) and MAC address, then use an Identity Group that lists all the valid MAC addresses, then on the Authorisation Policy combine an AD Group AND the Identity Group.

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

ā€Ž02-27-2022 05:09 AM

@ezzaariyouness change the policy set condition to Wireless_8021x OR Wireless_MAB, the supplicant is only ever going to do one at time.

 

If you want to combine valid Username/Password (802.1x) and MAC address, then use an Identity Group that lists all the valid MAC addresses, then on the Authorisation Policy combine an AD Group AND the Identity Group.

Go to solution
ezzaariyouness
Level 1
Level 1

ā€Ž03-01-2022 07:08 AM

Thank Rob , it's work now .

best regards

Younes

Customers Also Viewed These Support Documents