06-10-2020 04:53 AM
Hi All,
We just setup a new internal PKI, so we need to test dot1x on wireless and wired on the new certificate.
Testing has shown that some clients with a new cert is authentication properly, no error in RADIUS logs.
Other clients present the new certificate with different errors
- auth is OK, connects to the network but is limited to the wireless subnet?
- log step 15013 "Selected identity source", returns "empty"?
- client lookup is OK, but step 24352 "Identity resolution failed" returns "ERROR_NO_SUCH_USER"?
I'm sure the they are mostly related, but step 15013 concerns me the most.
Prior to testing, I've added the new CA cert to ISE, under "trusted certificates". Not sure it was required, but mostly old habit from other dot1x installations, well knowing that ISE syncs AD information.
Policies and such, I havn't touched.
Kind regards,
Michael
Solved! Go to Solution.
06-10-2020 05:57 AM
06-10-2020 05:57 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide