Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
1
Replies

dot1x authentication issue on ise

muhsi_2015
Level 1
Level 1

‎05-05-2016 01:12 PM - edited ‎03-10-2019 11:44 PM

Hi,

I have the following setup 

ISE

Allowed protocols
Allow -EAP-TLS


Allow PEAP
PEAP inner Methods
Allow EAP-MSCHAPv2


Allow EAP-TLS

EAP-TTLS Inner Methods
Allow PAP/ASCII
Allow Chap
Allow EAP-MSCHAPv1
Allow EAP-MSCHAPv2
Allow EAP-MD5
Allow EAP-MSCHAPv2
Preffered EAP protocol -PEAP

PC
dot1x authentication

Domain test.local

WPA-Enterprise

AES

EAP-MSCHAP v2

Situation

if the pc has joined in domain , it works .

So i just download the internal CA certificate to the pc's which is not joined in domain , it works

But most of the pc's which is not joined did not work even after validate certificate unchecked (windows).

The users are getting authenticated but traffic  not forwarding from the pc .


How to troubleshoot the issue or what could be the problem

If we use EAP-MSCHAPv2, it means that clients doesn't need to have a certificate,
ISE should have a certificate from internal CA, or it just need self signed certificate ?

Thanks

Labels:
0 Helpful
1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni

‎05-11-2016 06:29 AM

Hi,

I'm not sure to understand your concern. Could you detail a little bit more what do you want to do?

  • Authentication with certificates? or User/Password?
  • Who is your internal CA?
  • How did you configured your ISE?
  • Could you drop some screenshots concerning your ISE configuration for authentication and authorization?

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents