cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
679
Views
0
Helpful
2
Replies

ISE 2.4 802.1x issues with laptops loosing authentication

TimPatrick-ADS
Beginner
Beginner

We are using a Meraki Wireless network, we have rolled out ISE to authenticate the users. 

 

We have a tired structure if the machine and user cert are on then the user has full access. If they only have valid AD credentials they get a BYOD type access.

 

What we are experiencing are devices that connect with full access and then randomly throughout the day re-auth as only BYOD.

 

When the machine first boots it validates the machine and user cert, throughout the day when it re-auths it is only able to see the user so it gives the lower access. 

 

2 Replies 2

hslai
Cisco Employee
Cisco Employee

This depends on how the certificates are checked. If the deployment using AnyConnect NAM and EAP-Chaining, both credentials should be checked even in re-auth.

Mike.Cifelli
Advisor
Advisor
As @hslai said NAM should reauth both the user & comp. I assume your authz conditions that drive your different results are based on the eapchaining result? Are you able to share your NAM profile config?
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers