01-02-2025 04:18 AM
As per the ISE logs, we do see the username as USERNAME, but the user is not prompted for a username and password while accessing the SSID.
The SSID is configured with EAP-TLS. Why do we see this behaviour?
Cisco ISE Version - 3.2
01-02-2025 11:40 PM
Hi @palani2010, since it is EAP-TLS authentication, it is supposed to use a certificate and not a username and password. The username in the logs is derived from the certificate attributes. You can verify the Certificate Authentication Profile setting (Administration > Identity Management > Certificate Authentication Profiles List) to see what has been configured for ISE to use as an identity. If you are using the default Certificate Authentication Profile in your policy, the default profile has the Subject - Common Name attribute as the identity.
It looks like your certificates do not have a value in the field for the attributes selected in the certificate authentication profile.
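The check the answer above points to can also be run against the client certificate itself. The following is an added example, not part of the original thread and not Cisco code: it prints the Subject Common Name or a SAN DNS entry of a PEM certificate and reports EMPTY when the field has no value. The function names, file names and sample subjects are constructed, and `-addext` assumes OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added illustration (not ISE code): print the value a client certificate holds
# in the attribute a Certificate Authentication Profile uses as the identity.
# Function names, file names and subjects below are constructed for the demo.

# Subject Common Name of a PEM certificate (prints nothing if absent).
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
    sed -n 's/^ *commonName *= *//p' | head -n 1
}

# First Subject Alternative Name entry of type $2 (DNS, email, ...).
cert_san() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n "s/^ *$2://p" | head -n 1
}

# $1 = PEM file, $2 = cn | san-dns (labels used only in this sketch).
# Prints the identity value, or EMPTY (exit 1) when the field has no value.
identity_check() {
  local value
  case "$2" in
    cn)      value=$(cert_cn "$1") ;;
    san-dns) value=$(cert_san "$1" DNS) ;;
    *)       echo "UNKNOWN-ATTRIBUTE"; return 2 ;;
  esac
  if [ -z "$value" ]; then echo "EMPTY"; return 1; fi
  echo "$value"
}

# Create three constructed self-signed certificates; prints their directory.
make_samples() {
  local d; d=$(mktemp -d)
  openssl genrsa -out "$d/key.pem" 2048 2>/dev/null
  openssl req -x509 -new -key "$d/key.pem" -days 1 -out "$d/with_cn.pem" \
    -subj "/O=Example/CN=laptop01.example.test" 2>/dev/null
  openssl req -x509 -new -key "$d/key.pem" -days 1 -out "$d/no_cn.pem" \
    -subj "/O=Example" 2>/dev/null
  openssl req -x509 -new -key "$d/key.pem" -days 1 -out "$d/san_only.pem" \
    -subj "/O=Example" -addext "subjectAltName=DNS:laptop02.example.test" 2>/dev/null
  echo "$d"
}

samples=$(make_samples)
for f in with_cn no_cn san_only; do
  printf '%-9s cn=%s san-dns=%s\n' "$f" \
    "$(identity_check "$samples/$f.pem" cn)" \
    "$(identity_check "$samples/$f.pem" san-dns)"
done
```

Running `identity_check` on an exported endpoint certificate with the attribute chosen in the profile shows whether that certificate can supply an identity at all.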
01-02-2025 04:22 AM
Are you sure this is EAP-TLS?
Also, are you sure the Username contains the HostName or MAC Address?
MHM
01-02-2025 09:17 AM
Yes, it is EAP-TLS.
The username is showing as USERNAME.