
Wireless with ISE, the process stop

naoki_Japan
Spotlight

I want to introduce the combination of machine authentication and dot1X with ISE via AD, using wireless and wired.

To do that, I separated the authorization rule into two parts, "almost like" below. (Of course, I use Wired or Wireless dot1X with the Authentication field.)

1. AD_LOGIN_COMPUTER
if AD:External group equals AD/Users/Domains Computers and
   Radius:NAS-Port-Type Equal Ethernet ※(Wireless - IEEE 802.11)
 ......
then
  .....

2. AD_LOGIN_USERS
if AD:External group equals AD/Users/Domains Users and
   Radius:NAS-Port-Type Equal Ethernet ※(Wireless - IEEE 802.11)
   Network Access: WasMachineAuthenticated Equals True
then Permit all

As for wired users, they are successfully authenticated in the order machine authentication → user authentication.

However, wireless users are authenticated only with machine authentication. I do not know why the user authentication process is not processed.

Is there anyone who can teach me the solution?

2 Accepted Solutions


Mike.Cifelli
VIP Alumni

However, for wireless users, they are authenticated only with machine authentication. I do not know why user authentication process is not processed.

-Please share additional information so the community can better assist.  The following items are things to share/consider:

--A Radius live log from successful wired and failed wireless session.

--Type of supplicant being used? Version of ISE?

--I would generate a DART bundle from troubled wireless client unable to properly onboard as expected and parse logs.

 


You would need to check the 802.1x settings for wireless. We use similar for wireless PCs and get machine when they are not logged in and user when logged in, but 802.1x needs to be set to user or computer, not just computer.
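
An added example, not part of the original thread: assuming the wireless PCs use the Windows native supplicant (the thread does not say which supplicant is in use), the "user or computer" setting described above is stored as authMode in the WLAN profile, and this Python check reads it from a profile exported with netsh wlan export profile. The profile names and XML below are constructed sample input.

```python
import xml.etree.ElementTree as ET

# Namespaces used in Windows WLAN profile XML (netsh wlan export profile).
NS = {
    "wlan": "http://www.microsoft.com/networking/WLAN/profile/v1",
    "onex": "http://www.microsoft.com/networking/OneX/v1",
}

# What each 802.1X authMode means for the two authorization rules in the post.
VERDICTS = {
    "machineOrUser": "ok: machine credentials before logon, user credentials after logon",
    "machine": "machine only: user authentication is never attempted",
    "user": "user only: no machine authentication is sent",
    "guest": "guest: neither machine nor user credentials are sent",
}

def check_profile(xml_text):
    """Return (profile name, authMode or None, verdict) for one exported profile."""
    root = ET.fromstring(xml_text)
    name = root.findtext("wlan:name", default="?", namespaces=NS)
    use_onex = root.findtext(".//wlan:useOneX", default="false", namespaces=NS)
    if use_onex.strip().lower() != "true":
        return name, None, "not an 802.1X profile"
    mode = root.findtext(".//onex:OneX/onex:authMode", default=None, namespaces=NS)
    if mode is None:
        return name, None, "authMode not set in profile: check the adapter's 802.1X settings"
    mode = mode.strip()
    return name, mode, VERDICTS.get(mode, "unrecognised authMode")

def sample_profile(name, auth_mode):
    """Constructed sample input, trimmed to the elements this check reads."""
    return f"""<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <MSM><security>
    <authEncryption><authentication>WPA2</authentication>
      <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>{auth_mode}</authMode>
    </OneX>
  </security></MSM>
</WLANProfile>"""

if __name__ == "__main__":
    # Hypothetical profile names: one computer-only, one user-or-computer.
    for xml_text in (sample_profile("CORP-WLAN", "machine"),
                     sample_profile("CORP-WLAN-FIXED", "machineOrUser")):
        print(check_profile(xml_text))
```

A profile reporting "machine only" matches the symptom in the question, where only AD_LOGIN_COMPUTER is ever hit on wireless.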

 

 


4 Replies


As I re-confirmed the setting of wireless PC, I found my mistake.

Thank you for your support!


As you advised, I re-checked the settings of the devices and found a misconfiguration on my PC.

Thank you for the big help.