10-16-2023 09:07 AM
Hello!
I'm trying to find out which kind of authentication is supported by ISE PIC Agent Provider.
What is my problem:
* When a user logs in to PC with an AD account, ISE PIC does the user to IP address mapping; Works with wired and wireless access;
* When an authenticated user, moves from wired to wireless, the ISE PIC does not recognize the IP address;
* The WLAN is based on a third-party solution, but it does authenticate with the AD, but using RADIUS (802.1x).
Do you know if RADIUS auth is supported by ISE PIC Agent Provider? From my observations, looks like the ISE PIC Agent provider just works when the user authenticates on Windows Logon.
Regards,
Fabio
Solved! Go to Solution.
10-16-2023 02:19 PM
The Passive ID agent works by monitoring the logon events on the domain controller and capturing the user/IP mappings seen by the DC.
A transition between wired and wireless does not trigger a logon event, therefore neither the DC nor ISE-PIC will know about it. For wireless, you would be better off actively authenticating the endpoints via 802.1x using the full version of ISE.
10-16-2023 02:19 PM
The Passive ID agent works by monitoring the logon events on the domain controller and capturing the user/IP mappings seen by the DC.
A transition between wired and wireless does not trigger a logon event, therefore neither the DC nor ISE-PIC will know about it. For wireless, you would be better off actively authenticating the endpoints via 802.1x using the full version of ISE.
10-17-2023 04:27 AM
Greg, thank you!
It's just the information that I need. You helped me a lot.
On the Windows Server, I can see the logs from both logon and RADIUS, but I was not sure if the agent was verifying the RADIUS ones.
I thought about using the SYSLOG provider, but as the switches do not have 802.1x implemented, I think that I'll have the same issue when I roam from wireless to wired, as I don't have a log from the switch to indicate the change.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide