02-23-2014 09:49 PM - edited 03-10-2019 09:26 PM
Hi all,
Trying to authorise 7925G phones using MIC and EAP-TLS. My problem is that I can't seem to get the username in the MIC to match against an Internal Identity group on ISE AuthZ policies. If I remove the endpoint ID group I am able to auth no worries. Everything looks great including the username been in a specific User ID group but I just cannot get it to match a policy with this group selected (both as the ID Group and as an "Internal User:Identity Group" condition).
Any ideas or is this just not possible?
02-24-2014 02:11 AM
I would suggest try MAB to authenticated the decives with ISE and share your authentication policy
02-24-2014 01:58 PM
Out of curiousity why would you suggest MAB in this instance? These devices have MIC certs and are pretty much EAP-TLS ready out of the box? My problem simply lies with the apparent inability of ISE to match the Subject CN againt an internal group.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: