Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
0
Replies

Cisco ISE 2.1 posture with Aruba Wireless - EAP-chaining

Attila Horvath
Level 1
Level 1

‎01-16-2017 11:20 AM - edited ‎03-11-2019 12:22 AM

Hi, 

We try to implement ISE 2.1 posture with  Aruba Controller/AP.

Does anyone have any experience how can we do it?

We use EAP-chaning, certificate auth for Machine, and password auth for user.

We can change the Role (from guest to Authenticated) with Aruba-User-Role Radius answer, we can send CoA, and normally we can 

succesfully manage the posture.

But - if user logged out from machine, and revert to Role back to Restricted (with succesful machine authentication),

and try to login again, the Aruba WLC (Assume the PMK caching) says "Setting cached role to guest for user <MAC>” , and the posture will not occured,

and the user stuck in Guest role despite of successfull authenticaton.

What is wrong with this? The ISE 2.1 Compatibility Matrix shows Aruba as supported OS.

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents