We have Passive ID enabled and working correctly. pxGrid is configured and working correctly. Our authorization profiles have reauthentication timers enabled. Our active path authentication is PEAP computer authentication.
A person connects their computer to the wired network and authenticates.
That data is fed via pxGrid to FMC who now thinks the IP is a computername.
User logs in and Passive ID collects the user to IP mapping and feds the User information over to FMC
Now FMC thinks the IP is the username and correctly applies our user based policies.
Reauthentication kicks in and ISE send the IP to computer name mapping onto pxGrid.
FMC changes the IP over to the computer name and user based policies stop working.
Is there any way to filter out the computer information on the FMC side? Passive ID mapping filters don't come into play here because the computer auth is in the active path.