cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4108
Views
1
Helpful
3
Replies

pxGrid Computer Info Overriding User info on FMC

paul
Level 10
Level 10

All,

 

I have the following situation:

 

We have Passive ID enabled and working correctly. pxGrid is configured and working correctly. Our authorization profiles have reauthentication timers enabled. Our active path authentication is PEAP computer authentication.

 

  1. A person connects their computer to the wired network and authenticates.
  2. That data is fed via pxGrid to FMC who now thinks the IP is a computername.
  3. User logs in and Passive ID collects the user to IP mapping and feds the User information over to FMC
  4. Now FMC thinks the IP is the username and correctly applies our user based policies.
  5. Reauthentication kicks in and ISE send the IP to computer name mapping onto pxGrid.
  6. FMC changes the IP over to the computer name and user based policies stop working.

Is there any way to filter out the computer information on the FMC side? Passive ID mapping filters don't come into play here because the computer auth is in the active path.

 

Thanks.

1 Accepted Solution
3 Replies 3

chris.blake
Level 1
Level 1

We also have this exact problem? Has there been any fix?

RomanMikes95774
Level 1
Level 1

Hi Paul,

have you develop any solution on this please ? We have the same problem: ISE 3.1 / FMC 7.0.5.

 

Regards

Roman