Hi All
We have the following issue with our "still testing" Passive-ID (easy connect) implementation.
When PC "xyz-pc" boots, MAB kicks in, matches a policy, and a limited-access dACL is assigned to the PC "xyz-pc" switch port.
When the PC User authenticates with MS AD with account "xyz", ISE Passive-ID detects the event and assigns a new dACL with full access as the authorization policy dictates.
Everything works as expected.
Now user "xyz" from PC "xyz-pc" initiates an MS RDP session to another PC/server, and he uses different credentials, let's say "admin_xyz", which are not included in any Passive-ID policy set.
ISE Passive-ID detects the event, and now assigns a limited dACL to the switch port of device xyz-pc.
The user ends up with limited access to the network and must log off/log on in order to get access back to the network.
Any advice is very welcome.
Thanks in advance