dot1x authentication issue on ISE
05-05-2016 01:12 PM - edited 03-10-2019 11:44 PM
Hi,
I have the following setup:
ISE
Allowed protocols
- Allow EAP-TLS
- Allow PEAP
PEAP inner methods
- Allow EAP-MSCHAPv2
- Allow EAP-TLS
EAP-TTLS inner methods
- Allow PAP/ASCII
- Allow CHAP
- Allow EAP-MSCHAPv1
- Allow EAP-MSCHAPv2
- Allow EAP-MD5
- Allow EAP-MSCHAPv2
Preferred EAP protocol - PEAP
PC
- dot1x authentication
- Domain test.local
- WPA-Enterprise
- AES
- EAP-MSCHAP v2
Situation
If the PC has joined the domain, it works.
So I just downloaded the internal CA certificate to the PCs which are not joined to the domain, and it works.
But most of the PCs which are not joined did not work even after "Validate certificate" was unchecked (Windows).
The users are getting authenticated but traffic is not forwarding from the PC.
How to troubleshoot the issue, or what could be the problem?
If we use EAP-MSCHAPv2, it means that clients don't need to have a certificate;
should ISE have a certificate from the internal CA, or does it just need a self-signed certificate?
Thanks
Labels: AAA
05-11-2016 06:29 AM
Hi,
I'm not sure I understand your concern. Could you detail a little bit more what you want to do?
- Authentication with certificates? Or user/password?
- Who is your internal CA?
- How did you configure your ISE?
- Could you drop some screenshots concerning your ISE configuration for authentication and authorization?
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
