ISE 5200 authentication failed

palani2010

As per the ISE logs, we see the username as USERNAME, but the user is not prompted for a username and password while accessing the SSID.

The SSID is configured with EAP-TLS. Why do we see this behaviour?

Cisco ISE Version - 3.2

Accepted Solutions

PSM

Hi @palani2010, since it is EAP-TLS authentication, it is supposed to use a certificate and not a username and password. The username in the logs is derived from the certificate attributes. You can verify the Certificate Authentication Profile setting (Administration > Identity Management > Certificate Authentication Profiles List) to see what has been configured for ISE to use as an identity. If you are using the default Certificate Authentication Profile in your policy, the default profile has the Subject - Common Name attribute as the identity.

It looks like your certificates do not have a value in the field for the attributes selected in the Certificate Authentication Profile.
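
To see which value a client certificate carries in Subject Common Name, the attribute the answer above says the default profile uses, the certificate can be inspected with OpenSSL. This is an added example, not part of the original thread; it assumes the `openssl` CLI is installed, and the function names, file names and test certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: show the Subject CN a client certificate would present.

# Print the Subject Common Name(s) of a PEM certificate, one per line.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# Print the CN and return 0 if one is present; warn and return 1 if the
# field is empty, so a profile keyed on Subject CN has no value to use.
check_identity() {
    cn=$(cert_cn "$1")
    if [ -z "$cn" ]; then
        echo "WARN: $1 has no Subject CN value" >&2
        return 1
    fi
    echo "identity from Subject CN: $cn"
}

# Constructed test input: self-signed certificate with a throwaway key.
# $1 = output path, $2 = subject string
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

DEMO_DIR=$(mktemp -d)
make_test_cert "$DEMO_DIR/with_cn.pem" "/O=Example Org/CN=USERNAME"
make_test_cert "$DEMO_DIR/no_cn.pem" "/O=Example Org"

check_identity "$DEMO_DIR/with_cn.pem"
check_identity "$DEMO_DIR/no_cn.pem" || true
```

Running `check_identity` against the certificate actually installed on the client shows whether the CN holds a real user or host name or a literal placeholder.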


3 Replies

Are you sure this is EAP-TLS?
Also, are you sure the username contains the hostname or MAC address?

MHM

Yes, it is EAP-TLS.

The username is showing as USERNAME.