Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1588
Views
0
Helpful
3
Replies

Authenticate NON Domain PCs in ISE

Go to solution
NETAD
Level 4
Level 4

‎06-04-2019 12:40 PM

Hello, one of my clients would like to use ISE to control network access at a plant. The machines are not joined to AD and users login via local accounts. How can I create an authc policy to ahthenticate those users? Which identity store should be selected in this case? 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
yalbikaw
Cisco Employee
Cisco Employee

‎06-04-2019 02:31 PM

Hello :)

 

well it actually depends how you would like to authenticate this user, 

if you want his local account to be authenticated and this machine is not joined to AD, then you must configure manually the dot1x on the supplicant as well putting the credentials user name and password inside ISE identity store.

 

how many machines you want to authenticate like this way ? it will cost a lot of operations.

 

if those machines are not controlled, its nice to have wired guest authentication instead of having a lot of configurations to add.

 

 

 

 

View solution in original post

0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to NETAD

‎06-17-2019 05:54 PM

You could use MAB with guest access as mentioned above if the machines do not have supplicants and also for consistent user experiance.

-Krishnan

View solution in original post

0 Helpful
3 Replies 3

Go to solution
yalbikaw
Cisco Employee
Cisco Employee

‎06-04-2019 02:31 PM

Hello :)

 

well it actually depends how you would like to authenticate this user, 

if you want his local account to be authenticated and this machine is not joined to AD, then you must configure manually the dot1x on the supplicant as well putting the credentials user name and password inside ISE identity store.

 

how many machines you want to authenticate like this way ? it will cost a lot of operations.

 

if those machines are not controlled, its nice to have wired guest authentication instead of having a lot of configurations to add.

 

 

 

 

0 Helpful

Go to solution
NETAD
Level 4
Level 4
In response to yalbikaw

‎06-04-2019 02:43 PM

Hi, I believe it’s only 11 so far but will be more down the road. 

 

So pretty much use MAB instead of dot1x, or use dot1x with local accounts on ISE are my only 2 options. 

 

 

0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to NETAD

‎06-17-2019 05:54 PM

You could use MAB with guest access as mentioned above if the machines do not have supplicants and also for consistent user experiance.

-Krishnan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents