Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

pxGrid Computer Info Overriding User info on FMC

paul
Level 10
Level 10

‎12-10-2020 07:57 AM

All,

 

I have the following situation:

 

We have Passive ID enabled and working correctly. pxGrid is configured and working correctly. Our authorization profiles have reauthentication timers enabled. Our active path authentication is PEAP computer authentication.

 

  1. A person connects their computer to the wired network and authenticates.
  2. That data is fed via pxGrid to FMC who now thinks the IP is a computername.
  3. User logs in and Passive ID collects the user to IP mapping and feds the User information over to FMC
  4. Now FMC thinks the IP is the username and correctly applies our user based policies.
  5. Reauthentication kicks in and ISE send the IP to computer name mapping onto pxGrid.
  6. FMC changes the IP over to the computer name and user based policies stop working.

Is there any way to filter out the computer information on the FMC side? Passive ID mapping filters don't come into play here because the computer auth is in the active path.

 

Thanks.

3 people had this problem
0 Helpful
Who Me Too'd this topic