
Cisco ISE and Intel AMT $iME

leighharrison
Level 7

Hello folks,

 

We've got an issue using dot1x on 9300s that when a PC goes into sleep mode, the Intel NIC spits out "domain\hostname$iME" as a radius hostname, which fails auth.

Is there a trick to getting these things to authenticate? I've had a look at matching with a "starts with 'domain'" AND ends with "$iME", but that doesn't seem to work. It looks from the log like the NIC is failing TLS?

[Attached screenshot: iME Fail.png]

Anyone seen this and got some tips?

Best, Leigh

Accepted Solutions

Arne Bier
VIP

The EAP-FAST looks suspiciously like AnyConnect NAM - are you using Cisco AnyConnect by any chance?

Are you saying this happens before the laptop eventually goes to sleep, or after it wakes up from sleep?

Does the rest of your 802.1X work as expected? How is your supplicant configured?

Normally, when you see host/xxxx in the RADIUS User-Name then it indicates that the Windows host is trying to perform Computer authentication. This happens during the PC boot up and also during the Windows user log off process.

2 Replies

Mike.Cifelli
VIP Alumni

I am with @Arne Bier on this one with the thought that NAM is in use simply because EAP-FAST is shown. Take a look at the configured unprotected identity patterns defined in the NAM profile. Wondering if that may have anything to do with what you are seeing. Pretty sure the default is set to anonymous, but worth a shot to check a box.