Solved: Re: client cannot use MAC authentication with ISE - Page 2

sbmc014 · ‎05-02-2018

Hi , PC want to use MAC authentication with ISE but fail , i made the document for detail process and result (as attachment) , Could you help me to figure it out ? thx

sbmc014 · ‎05-11-2018

sorry , after i double confirm , if i just enable PAP/ASCII in my profile (as attachment ) ,

then all clients can pass through 802.1x MAC auth even there is no this MAC exist ISE endpoint profile table , it is abnormally , what's configurations should i need to adjust ?

hslai · ‎05-11-2018

Check the options for auth failures, especially in case of User Not Found. If User Not Found set to CONTINUE, then what you seeing is expected.

ognyan.totev · ‎05-03-2018

Jason is right not same shared secret ,and i wonder in ise 2.2 we have a option to enable radius for third party vendors i dont know in ISE 2.4 there is same option

sbmc014 · ‎05-03-2018

thanks for your reply , i am sure the secret value are the same between switch & ISE , it probably some other things going wrong.

ognyan.totev · ‎05-03-2018

As you see you there are invalid radius attributes .In cisco switch we define attributes like:

radius-server attribute 6 on-for-login-auth

radius-server attribute 6 support-multiple

radius-server attribute 8 include-in-access-req

radius-server attribute 25 access-request include

radius-server attribute 31 mac format ietf

radius-server vsa send accounting

radius-server vsa send authentication

I never configured switch on WEB i always do on cli.ANd this is the commands for cisco switch i don't know is your switch support it .

hslai · ‎05-05-2018

After reviewing your word doc, I am now thinking the user-password is not the same as the user-name. This RSA doc 000035182 - How to decrypt RADIUS traffic using... | RSA Link might help decrypting it.