04-03-2024 03:41 AM
Hi,
we have EAP-FAST (machine and user authentication) working. Can we enable passiveid on this ISE to get more information from AD? Is it supported configuration? Won't it cause any trouble since ISE will see the same record for a user from 802.1x and passiveid?
thank you
Solved! Go to Solution.
04-08-2024 09:03 AM
Yeah I would really push back on that decision.
04-03-2024 06:00 AM - edited 04-03-2024 06:00 AM
Why would you want to do this? Passive ID is way less accurate than active authentication which you already have with EAP-FAST.
04-03-2024 06:02 AM
some devices may not have anyconnect installed so at least something.
04-03-2024 06:11 AM
04-04-2024 11:35 PM
Customer wants to do the FW rules for servers where anyconnect cannot be installed. So the passiveid is enabled for them.
04-05-2024 03:40 AM
04-08-2024 06:25 AM
not sure, not my decision
04-08-2024 09:03 AM
Yeah I would really push back on that decision.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide