@ggenti as it's the ISE deployment you manage, then you change you EAP certificate to a certificate the partner device trusts (a public CA signed certificate) and import their CA certificate to your ISE. They should then be able to authenticate to yo...
@ggenti ISE only allows one EAP certificate, but you could use a public CA signed ceritifcate that all client computers would trust. Then import the customer's private CA certificate to ISE trusted certificate store. ISE will then be able to authenti...
@DOUMI so if you are seeing unauthorised login attempts they must be permitted by another rule? Run packet-tracer to simulate traffic that should be allowed (whitelist) and another that should be denied. Confirm what ACL ACE should be matched.
@DOUMI is the above configuration before or after the change? I don't see a group called white-list
There would be an implict deny, so if you are seeing unauthorised login attempts they must be permitted by another rule? Run packet-tracer to simulate...
@DOUMI if you created a new ACL did you apply that to the interface - "access-group <ACL NAME> in interface <INTERFACE>" if not the ACL is not in use.
If that is not the issue, please provide your configuration so we can determine the cause.