https://community.cisco.com/t5/network-access-control/db-integration-in-ise-odbc-vs-active-directory/m-p/5259478#M594916 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JustTakeTheFirstStep_0-1739328898259.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/239707iD141A1CC02EE7280/image-size/large?v=v2&amp;px=999" role="button" title="JustTakeTheFirstStep_0-1739328898259.png" alt="JustTakeTheFirstStep_0-1739328898259.png" /></span></P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_asset_visibility.html" target="_self">https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_asset_visibility.html</A></P> <P>Cisco ISE does not support encryption with ODBC. |Hence, ODBC connections are not secured</P> Wed, 12 Feb 2025 02:55:50 GMT JustTakeTheFirstStep 2025-02-12T02:55:50Z https://community.cisco.com/t5/network-access-control/db-integration-in-ise-odbc-vs-active-directory/m-p/5239310#M593915 <P>We are trying to decide between ODBC and AD for our external DB.<BR />We are familiar with AD, but not with ODBC.<BR />Does the integration between ISE and ODBC work well?<BR />We would be grateful to know your experience.</P> Fri, 20 Dec 2024 12:20:53 GMT https://community.cisco.com/t5/network-access-control/db-integration-in-ise-odbc-vs-active-directory/m-p/5239310#M593915 JustTakeTheFirstStep 2024-12-20T12:20:53Z https://community.cisco.com/t5/network-access-control/db-integration-in-ise-odbc-vs-active-directory/m-p/5241075#M593954 <P>It depends what your use case is.</P> <P>AD has one major advantage over all the other methods (LDAP/ODBC) with regards to password protocol support. If you are doing simple PAP password checking (password string comparison), then AD/LDAP/ODBC are equivalent. But as soon as you need CHAP or MSCHAP protocols, then AD (and ISE internal user accounts) are the only option.</P> <P>If however, your use case involves looking up records in an existing ODBC database (e.g. a warehouse system, or a hospital patient record system) then ISE integration certainly works well. It's been a while, but you'll need to write some SQL stored procedures on your SQL back-end, and then ISE can call those procedures, and process the returned data, and map the results to ISE attributes, that you can use in the Authorization Policies. I find it quite tricky and fiddly, because I am not well versed in SQL - but you can find enough tips on web searches to make something happen.</P> <P>Many years ago there was a bug in ISE that prevented the successful fail-over from SQL server 1 to server 2 (if you provided two servers) - but I am sure that bug is resolved - but it would be worthwhile checking that the HA works as expected.</P> <P>&nbsp;</P> Thu, 26 Dec 2024 22:52:37 GMT https://community.cisco.com/t5/network-access-control/db-integration-in-ise-odbc-vs-active-directory/m-p/5241075#M593954 Arne Bier 2024-12-26T22:52:37Z https://community.cisco.com/t5/network-access-control/db-integration-in-ise-odbc-vs-active-directory/m-p/5259478#M594916 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JustTakeTheFirstStep_0-1739328898259.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/239707iD141A1CC02EE7280/image-size/large?v=v2&amp;px=999" role="button" title="JustTakeTheFirstStep_0-1739328898259.png" alt="JustTakeTheFirstStep_0-1739328898259.png" /></span></P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_asset_visibility.html" target="_self">https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_asset_visibility.html</A></P> <P>Cisco ISE does not support encryption with ODBC. |Hence, ODBC connections are not secured</P> Wed, 12 Feb 2025 02:55:50 GMT https://community.cisco.com/t5/network-access-control/db-integration-in-ise-odbc-vs-active-directory/m-p/5259478#M594916 JustTakeTheFirstStep 2025-02-12T02:55:50Z