cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2126
Views
0
Helpful
0
Replies
paul
Advocate

pxGrid Computer Info Overriding User info on FMC

All,

 

I have the following situation:

 

We have Passive ID enabled and working correctly. pxGrid is configured and working correctly. Our authorization profiles have reauthentication timers enabled. Our active path authentication is PEAP computer authentication.

 

  1. A person connects their computer to the wired network and authenticates.
  2. That data is fed via pxGrid to FMC who now thinks the IP is a computername.
  3. User logs in and Passive ID collects the user to IP mapping and feds the User information over to FMC
  4. Now FMC thinks the IP is the username and correctly applies our user based policies.
  5. Reauthentication kicks in and ISE send the IP to computer name mapping onto pxGrid.
  6. FMC changes the IP over to the computer name and user based policies stop working.

Is there any way to filter out the computer information on the FMC side? Passive ID mapping filters don't come into play here because the computer auth is in the active path.

 

Thanks.

0 REPLIES 0
Content for Community-Ad