cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
160
Views
5
Helpful
3
Replies
Beginner

Security Policy-Access Mobility Express

 

I have configured my ISE running version 2.6 to authenticate wireless clients.Users coming in from Android,Apple and linux machines  can authenticate correctly and have access to the network,but with regards to windows clients this is not possible.This comes as error 5400 and i googled the error from other forums and it was pointing to certificate issue.So i had to manually accept the certificate on my windows test machine in windows and sharing centre an it worked perfectly.Now the questions is i have thousands of users and i cant go one after to update.If i use a supplicant like anyconnect it works fine.Do we have another route other than the mentioned above to solve this issue

 

3 REPLIES 3
VIP Advocate

Re: Security Policy-Access Mobility Express

Normally, if the users makes a fresh connection to the SSID (assuming you are talking about wireless), they get asked if the certificate is correct and if they agree to that, they have wireless access. This is completely normal on Windows and SSIDs with a certificate authentication. Only way around that is to have managed devices and push the wireless configuration via Group Policy, including the certificate.

The idea about showing and accepting the certificate is to avoid man in the middle attacks. Only if the correct certificate (thumbprint) is shown, the user should connect.
Beginner

Re: Security Policy-Access Mobility Express

Hi patoberli


Through further digging i found out that the problem is between ISE and CIS server(LDAP) is not supporting PEAP and MSCHAPv2.Any workaround on this
VIP Advocate

Re: Security Policy-Access Mobility Express

I don't know the product CIS and haven't used ISE so far for wireless.
Make sure that TLS1.0 is enabled though, some modern radius servers might have that disabled, but at least for Windows 7 and some OS X clients this is required when using PEAP with MSCHAPv2.
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards