cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

370
Views
0
Helpful
2
Replies
Highlighted

ISE AuthZ for Wireless Phones MIC EAP-TLS

Hi all,

Trying to authorise 7925G phones using MIC and EAP-TLS. My problem is that I can't seem to get the username in the MIC to match against an Internal Identity group on ISE AuthZ policies. If I remove the endpoint ID group I am able to auth no worries. Everything looks great including the username been in a specific User ID group but I just cannot get it to match a policy with this group selected (both as the ID Group and as an "Internal User:Identity Group" condition).

Any ideas or is this just not possible?

Everyone's tags (7)
2 REPLIES 2
Highlighted
Enthusiast

Re: ISE AuthZ for Wireless Phones MIC EAP-TLS

I would suggest try MAB to authenticated the decives with ISE and share your authentication policy

Highlighted

Re: ISE AuthZ for Wireless Phones MIC EAP-TLS

Out of curiousity why would you suggest MAB in this instance? These devices have MIC certs and are pretty much EAP-TLS ready out of the box? My problem simply lies with the apparent inability of ISE to match the Subject CN againt an internal group.