Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
686
Views
0
Helpful
2
Replies

ISE 2.4 802.1x issues with laptops loosing authentication

TimPatrick-ADS
Beginner
Beginner

‎05-14-2019 08:16 AM

We are using a Meraki Wireless network, we have rolled out ISE to authenticate the users. 

 

We have a tired structure if the machine and user cert are on then the user has full access. If they only have valid AD credentials they get a BYOD type access.

 

What we are experiencing are devices that connect with full access and then randomly throughout the day re-auth as only BYOD.

 

When the machine first boots it validates the machine and user cert, throughout the day when it re-auths it is only able to see the user so it gives the lower access. 

 

0 Helpful
2 Replies 2

hslai
Cisco Employee
Cisco Employee

‎05-14-2019 10:00 AM

This depends on how the certificates are checked. If the deployment using AnyConnect NAM and EAP-Chaining, both credentials should be checked even in re-auth.

0 Helpful

Mike.Cifelli
Advisor
Advisor

‎05-14-2019 06:06 PM

As @hslai said NAM should reauth both the user & comp. I assume your authz conditions that drive your different results are based on the eapchaining result? Are you able to share your NAM profile config?
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents