Answer the question
In order to leave comments, you need to log in
A
A
Aleksey Klimenko2018-09-05 11:46:15
Aleksey Klimenko, 2018-09-05 11:46:15
How to properly configure a domain computer to work with Cisco ISE?
Only basic licenses are available for Cisco ISE.
The Win10 Enterprise computer has the Wired AutoConfig service running, the network interface is configured to use PEAP, user authentication is selected, and a certificate is selected to verify the Cisco ISE server over EAP-TLS.
On the server side, the authentication and authorization settings are also made to work through the local AD server.
As a result, authentication and authorization are successful, I log in, the computer gets access to the network, but in the Network Control Center the network status is Public, and therefore there is no access to domain services.
And if the user has never logged in on this computer, then he cannot log in at all. The computer does not see the domain.
I shoveled a bunch of resources, but I could not find a similar situation.
2 answer(s)
@Franciz
The essence of the question is how to change the status of the network from Public to "Domain"?
As far as I remember, when a computer is entered into a domain (and not a workgroup), and when a twisted pair cable is plugged into a PC, it receives an address automatically via DHCP (and not manually driven into a network), then the network status is automatically set to "Domain". If the address is entered by hand, then the statue becomes “Public” or “Private”, depending on which one you chose when you initially connected the PC to the network.
I recommend checking whether the PC is in the Domain and giving it an address via DHTsP, then the network state will be what you need.
Or your Firewall is simply not configured. Go to its settings and for the duration of the test "Allow all incoming".
@Santorio
S
Sergey Ryzhkin, 2018-09-05 @Franciz
And if the user has never logged in on this computer, then he cannot log in at all.Which is quite logical for a domain user.
The computer does not see the domain.Sure? How did you check? The controller does not respond or still how?
The essence of the question is how to change the status of the network from Public to "Domain"?
As far as I remember, when a computer is entered into a domain (and not a workgroup), and when a twisted pair cable is plugged into a PC, it receives an address automatically via DHCP (and not manually driven into a network), then the network status is automatically set to "Domain". If the address is entered by hand, then the statue becomes “Public” or “Private”, depending on which one you chose when you initially connected the PC to the network.
I recommend checking whether the PC is in the Domain and giving it an address via DHTsP, then the network state will be what you need.
Or your Firewall is simply not configured. Go to its settings and for the duration of the test "Allow all incoming".
A
Aleksey Klimenko, 2018-09-05 @Santorio
Live and learn.
I did everything correctly, but at the very last step I did not indicate which settings to send to the switch.
Similar questions
R
K
D
E
EvilMause2013-09-06 17:31:45
Cisco ASA 5510 + mikrotik RB433UAH + l2tp+Ipsec. Incomprehensible log
1Reply
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question