05-14-2019 08:16 AM
We are using a Meraki Wireless network, we have rolled out ISE to authenticate the users.
We have a tired structure if the machine and user cert are on then the user has full access. If they only have valid AD credentials they get a BYOD type access.
What we are experiencing are devices that connect with full access and then randomly throughout the day re-auth as only BYOD.
When the machine first boots it validates the machine and user cert, throughout the day when it re-auths it is only able to see the user so it gives the lower access.
05-14-2019 10:00 AM
This depends on how the certificates are checked. If the deployment using AnyConnect NAM and EAP-Chaining, both credentials should be checked even in re-auth.
05-14-2019 06:06 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide