I'm in the process of deploying an ISE solution for my customer, and last week within a couple of hours we noted a steep increase in Authentication Latency from 3-5ms to 500-600ms. First of all we checked config logs and there were no changes to the ISE wit...
Hi, I have a situation where a customer is looking to perform EAP-TLS authentication of Linux machines against corporate AD. We managed to generate and install machine certificates on a test Linux (Ubuntu) host and run 802.1X supplicant. We also manual...
I'm working with a customer that has both machine (Win10) and user authentication enabled via EAP-TLS. Machine auth works fine and existing users also fine. However, when a new user is trying to log in to the machine it's unable to load profiles/certi...
Can someone please shed some light on Endpoint status (Connected/Disconnected/Rejected) in the Context visibility > Endpoints. My client is running ISE 2.3 and we can observe lots of hosts that according to ISE should be disconnected, but actually co...
Finally we resolved this issue. Steps required: 1. In AD create a computer object with name identical to the Linux/Unix host name. 2. In the object properties add servicePrincipalName (SPN) values with prefix host/ (e.g. host/[name] or host/[name].[d...
Finally have some progress. After we added SPN to the computer object ISE is able to do lookup in AD and Win machine can authenticate with GPO generated certificate. However, Linux machine certificate FAILED with the same "ERROR_NO_SUCH_USER". So the p...
"authorization of the machine based on its presence in AD, or membership in group" - that is exactly the use case. Clarification on some of the points: External CA (integrated with AD) is used to issue Win certificates and sign Linux machine certs. ...
Thanks to all for the help. Here is a Cisco article that explains the sequence of events and it looks very accurate and applicable to both Win 7 and Win 10, though the article is a bit old. https://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/...