Re: Cisco ISE machine authentication fails

Capricorn · ‎01-07-2018

Hi

I have Cisco ISE 1.4 patch 11 and the switch has IOS Version 15.1(2)SG8. I am using PEAP with MS-chapv2 for machine and user authentication. My windows 10 machine can authenticate fine both in user and machine authentication case but I am testing one windows 7 machine which is failing. I have tried lot of trick. Even put this trick into authrz group where my windows 10 machines are but still its failing.

I can see in wireshark that machine reply with its identity name in wireshark but switch replies with failed error I beleive its failed (4).

I even used two patches as mentioned below and update the network driver on my hp laptop but still its failing.

https://supportforums.cisco.com/t5/security-blogs/getting-past-intermittent-unexplained-802-1x-problems-on-windows/ba-p/3104109

Any tips?

Francesco Molino · ‎01-07-2018

Hi

What's the log you're receiving from ISE? Can you share it please?
Have you run a tcpdump on ISE to see if eap packets are transmitted correctly from the machine and ISE?
Have you a run a debug radius and aaa on the switch?

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Capricorn · ‎01-07-2018

Well this is strange. I know that when I first moved this windows 7 machine to security group in AD then its Authz profile was not created and I got the failed error. I created the right security group Authrorization condition,result and afterwards it didnt work for few hours. I moved away from my desk and after couple of hours when I came back it started working.