Cisco Support Community
Community Member

ISE AuthZ for Wireless Phones MIC EAP-TLS

Hi all,

Trying to authorise 7925G phones using MIC and EAP-TLS. My problem is that I can't seem to get the username in the MIC to match against an Internal Identity group on ISE AuthZ policies. If I remove the endpoint ID group I am able to auth no worries. Everything looks great including the username being in a specific User ID group but I just cannot get it to match a policy with this group selected (both as the ID Group and as an "Internal User:Identity Group" condition).

Any ideas or is this just not possible?


Re: ISE AuthZ for Wireless Phones MIC EAP-TLS

I would suggest trying MAB to authenticate the devices with ISE, and share your authentication policy.

Community Member

Re: ISE AuthZ for Wireless Phones MIC EAP-TLS

Out of curiosity, why would you suggest MAB in this instance? These devices have MIC certs and are pretty much EAP-TLS ready out of the box? My problem simply lies with the apparent inability of ISE to match the Subject CN against an internal group.
