Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
524
Views
0
Helpful
4
Replies

802.1x with cisco ISE

Mustapha Bassim
Level 1
Level 1

‎05-29-2023 02:21 AM

Hello Dears

We are planning to impelment Cisco ISE with 802.1x and we have the following quiestions :

1-is it possible to connect ISE with Microsoft AD so the login user for 802.1x is done with AD username/password?

2-is 802.1x is working without issue with windows 10 and windows 11?

Best Regards

Labels:
0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

‎05-29-2023 02:30 AM

Hi

1 - it is. You can check this guide

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html 

2 - without issue is too optmistic but Yes, they work. Just check the compatibilty with ISE version

https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/compatibility_doc/b_ise_sdt_31.html#microsoftwindows 

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-29-2023 05:20 AM

AD integration is not only possible, as @Flavio Miranda noted, but is used in almost all ISE deployments when we are securing wired or wireless networks.

It works fine with all current Windows versions.

It is worth mentioning that recently Microsoft has begun to deprecate MS-CHAPv2 so we need to account for that in our ISE deployment. https://community.cisco.com/t5/network-access-control/windows-11-22h2-credential-guard-enforcement/td-p/4695655

0 Helpful

Mustapha Bassim
Level 1
Level 1

‎05-30-2023 12:24 AM

Hello Dears and thnx for reply 

could we authenticate 802.1x without ISE certification 

i am need the user just checking by username/password not using any authenication method anyone can help ?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Mustapha Bassim

‎05-30-2023 01:42 AM

Checking username and password IS authentication.

We can configure Windows to work with 802.1x so that the supplicant (Windows built-in software program settings that work with wired or wireless networks) automatically provides ISE the username and password. No user certificate is required. ISE uses a certificate but it doesn't not have to be CA-issued not does the client necessarily have to validate/trust it. Those are optional supplicant settings.

0 Helpful
Customers Also Viewed These Support Documents