cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3104
Views
0
Helpful
1
Replies

pxGrid Computer Info Overriding User info on FMC

paul
Advocate
Advocate

All,

 

I have the following situation:

 

We have Passive ID enabled and working correctly. pxGrid is configured and working correctly. Our authorization profiles have reauthentication timers enabled. Our active path authentication is PEAP computer authentication.

 

  1. A person connects their computer to the wired network and authenticates.
  2. That data is fed via pxGrid to FMC who now thinks the IP is a computername.
  3. User logs in and Passive ID collects the user to IP mapping and feds the User information over to FMC
  4. Now FMC thinks the IP is the username and correctly applies our user based policies.
  5. Reauthentication kicks in and ISE send the IP to computer name mapping onto pxGrid.
  6. FMC changes the IP over to the computer name and user based policies stop working.

Is there any way to filter out the computer information on the FMC side? Passive ID mapping filters don't come into play here because the computer auth is in the active path.

 

Thanks.

1 Reply 1

chris.blake
Beginner
Beginner

We also have this exact problem? Has there been any fix?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers