topic Re: Policy Set: Internal users OR Active directory in Network Access Control

Policy Set: Internal users OR Active directory

wuet — Mon, 07 Feb 2022 13:38:28 GMT

Hello together

I have different client types, which all authenticates with MsCHAPv2.

Some groups of clients has the accounts/passwords stored as internal user in the Cisco ISE, other accounts/passwors are stored in the active directory.

Now I want to make a policyset, where all clients with MsChapV2 first search in the internal store of the ISE. If the users there are not found, it should look in the active directory.

Is it possible to do it like this?

Re: Policy Set: Internal users OR Active directory

Udupi Krishna. — Mon, 07 Feb 2022 13:56:56 GMT

As long as a user is verified against a policy set based on the matched protocol, an identity source sequence with internal store and AD can be used to verify the user in these stores. Provided internal store is the first in the sequence, it will be checked first followed by AD.

Re: Policy Set: Internal users OR Active directory

wuet — Mon, 07 Feb 2022 15:47:33 GMT

Perfect, the sequences is what I searched. Thank you very much for your fast answere!