12-17-2019 09:33 AM
Hi all,
I've just noticed something while looking at failed authentications on a production ISE cluster: a lot of clients, probably smartphones, are trying to connect to the WPA2-Enterprise SSID using username "USERNAME". I suspect this is something intentional, but I can't figure out what feature this is and how it is supposed to be helpful.
Thanks in advance!
Matteo
12-17-2019 09:47 AM
This was introduced for security reasons. If you look at the link I provided, you will be able to disable the masking by checking the box "Disclose invalid usernames". In earlier 2.4 patches this was only enabled for 60 minutes; if you are on a later patch you can disable it indefinitely.
https://<ise admin ip>/admin/#administration/administration_system/administration_system_settings/protocols/RADIUS
12-18-2019 12:32 AM
Thanks Damien!
Just to complete the answer, in case someone needs it in the future: in ISE 2.6 this setting has been moved under Administration > System > Settings > Security Settings.
Regards,
Matteo