This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Is there an easy way to get user identity in ISE 2.1 when using machine authentication for 802.1x. My end goal is to have a IP to username mapping, and to use pxGrid to allow my WSA to grab that mapping as well.
My current setup uses 802.1x Peap (Eap-MSChapv2) for authentication so when looking at radius logs, the only info is the system name or mac address. The systems are authenticated against AD which is setup as an External Identity source.
I was doing some reading on Passive Identity using Easy Connect in Visibility-mode but it seems likes a lot of changes on my AD server will have to occur before setting this up, and I didn't see any support for Windows Server 2016.
Are there any other options within ISE to accomplish this?
If I already have the AD External ID Source setup, do I even need Easy Connect to get the user info?
Solved! Go to Solution.
PassiveID in ISE 2.1 is WMI and yes, will require several modifications to AD but it should still provide a user to IP mapping even without EasyConnect. Also as you pointed out, 2.1 doesn't have support for AD 2016. You would need to upgrade to a newer version of ISE for that support.
In the near future I hope to get to 2.4 but there are a lot of moving parts that rely on our ISE and we are a little wary that the upgrade will break something.
I have read this on other forums as well but haven't been able to find a clear Cisco guide for this. How would I setup PassiveID without using EasyConnect? I don't want to have to make any changes to my AD server for simple IP to User mappings.
You may be right. I'm new to the WSA's and was unfamiliar with the transparent authentication feature. I will do some more reading on it.
Another reason I was looking at pxgrid was to also use it to share user identity with infoblox.