EAP-TLS Authentication Policy Set Being Bypassed
04-08-2025 04:32 PM
Cisco ISE 3.2.0.542 Patch 5
Deploying 802.1X on Aruba AOS-CX 8325, MAB Policy Set is working correctly. Authentication method using dot1x and authentication protocol PEAP (EAP-MSCHAPv2) is successful also. Policy Set for EAP-TLS is being bypassed by ISE.
Certificate Authentication Profile has been configured to allow ISE to use certificates for authentication. Tried using a custom Allowed Protocols Services List to only allow EAP-TLS, then tried using the Default Network Access. ISE falls back to MAB authentication. I am going to attach screenshots showing how ISE is configured, the Windows supplicant, and snippets from RADIUS Live Logs. Please let me know if anything else would be helpful. Thank you for the assistance with this!
04-09-2025 01:02 AM
Please check the following document - https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975-configure-eap-tls-authentication-with-is.html
04-09-2025 04:54 AM
When trying to view the document I get 403 invalid page or application.
04-09-2025 04:56 AM
I got it to come up, looks like the last "l" in html didn't get hyperlinked.
