ISE with Machine Certificates getting User Identity to Stealthwatch

kkaminsk
Cisco Employee

Folks,

I have a large customer currently doing PEAP for wired and wireless and using Stealthwatch. Identity information is going to Stealthwatch via syslog.  All is good in the world.

Now they are moving to Machine certificates for better security. We had a discussion about Stealthwatch not getting the user identity information then and recommended user certificates also. The AD team is balking due to the storage needed for the user cert in the user object.

Question - can we use an EZConnect connection into AD to get the user information even if we are not doing EZConnect via WMI? (I know this is not the use case for EZConnect.) Any other way for Stealthwatch to have the proper user and profiled device information?

1 Reply

hslai
Cisco Employee

EZC is not vetted for DOT1X use case in ISE 2.1. It might work but not yet supported. If the enforcement needs the user info, I see no other way to do it.