Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
2
Replies

How can I see/verify EAP/Radius communication?

newbieftd
Level 1
Level 1

‎02-28-2018 03:12 PM

We have ISE 2.2 Patch 3 in AD forest.

Some initial configuration was done for us in the parent forest (parent.com), but now I want to authenticate/authorize users and computers in a child.parent.com domain.

A parent.com user and computer authenticate over wireless using 802.1x supplicant.

Issue (using the same computer as above): a user in child.parent.com cannot authenticate/access over wireless - wired is ok.

In the radius log, I see the hardware (host\computername) authenticate, but I don't see anything else in the log (no user info).

On the computer (Win7), if I try to connect to the SSID, starts to connect, then it fails to connect.

I am at a loss on where/how to dig into this.

thx-

0 Helpful
2 Replies 2

kthiruve
Cisco Employee
Cisco Employee

‎02-28-2018 04:08 PM

Hi,

Please make sure the supplicant is configured for user/machine auth or what ever the settings you want to be. In your case, it looks like computer is doing a machine auth and not user auth.

Here is an article that may help you in that

https://www.networkworld.com/article/2940463/it-skills-training/machine-authentication-and-user-authentication.html

https://documentation.meraki.com/MS/Access_Control/Configuring_802.1X_Wired_Authentication_on_a_Windows_7_Client

Thanks

Krishnan

0 Helpful

hslai
Cisco Employee
Cisco Employee

‎03-01-2018 05:01 PM

As you mentioned you are not seeing logs in ISE, it's likely that the wireless NAD not sending the requests to ISE at all. Thus, I would suggest to debug on the wireless NAD (WLC?).

0 Helpful
Customers Also Viewed These Support Documents