MAB Authentication with ISE using Certificates username issues

Sakun Sharma · ‎05-28-2015

Hi,

I have a switched configured for MAB authentication with Cisco ISE. ISE is configured with AD to authenticate the users and we are using device certificate for authentication.

When machine send details for authentication, many time it will send username - MAC address or host/<machine name in certificate> / <machine name>

When clients sends <machine name> as username, ISE can detect it from AD and authenticate successfully, but when it sends MAC address or host/machine name then ISE cannot.

So my question is why does client machine send MAC or host/machine name to ISE?

I have configured multi-mode authentication as machines are connected via IP Phones.

Many Thanks.

Venkatesh Attuluri · ‎05-29-2015

"So my question is why does client machine send MAC or host/machine name to ISE? "

When MAC authentication bypass used then

"username = password = MAC address"

http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html#wp9000178

incase of machine authentication then host name is used

So my question is why does client machine send MAC or host/machine name to ISE? - See more at: https://supportforums.cisco.com/discussion/12520276/mab-authentication-ise-using-certificates-username-issues#comment-form