cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

109
Views
0
Helpful
3
Replies
Participant

Authenticate NON Domain PCs in ISE

Hello, one of my clients would like to use ISE to control network access at a plant. The machines are not joined to AD and users login via local accounts. How can I create an authc policy to ahthenticate those users? Which identity store should be selected in this case? 

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Authenticate NON Domain PCs in ISE

Hello :)

 

well it actually depends how you would like to authenticate this user, 

if you want his local account to be authenticated and this machine is not joined to AD, then you must configure manually the dot1x on the supplicant as well putting the credentials user name and password inside ISE identity store.

 

how many machines you want to authenticate like this way ? it will cost a lot of operations.

 

if those machines are not controlled, its nice to have wired guest authentication instead of having a lot of configurations to add.

 

 

 

 

View solution in original post

Highlighted
Cisco Employee

Re: Authenticate NON Domain PCs in ISE

You could use MAB with guest access as mentioned above if the machines do not have supplicants and also for consistent user experiance.

-Krishnan

View solution in original post

3 REPLIES 3
Cisco Employee

Re: Authenticate NON Domain PCs in ISE

Hello :)

 

well it actually depends how you would like to authenticate this user, 

if you want his local account to be authenticated and this machine is not joined to AD, then you must configure manually the dot1x on the supplicant as well putting the credentials user name and password inside ISE identity store.

 

how many machines you want to authenticate like this way ? it will cost a lot of operations.

 

if those machines are not controlled, its nice to have wired guest authentication instead of having a lot of configurations to add.

 

 

 

 

View solution in original post

Participant

Re: Authenticate NON Domain PCs in ISE

Hi, I believe it’s only 11 so far but will be more down the road. 

 

So pretty much use MAB instead of dot1x, or use dot1x with local accounts on ISE are my only 2 options. 

 

 

Highlighted
Cisco Employee

Re: Authenticate NON Domain PCs in ISE

You could use MAB with guest access as mentioned above if the machines do not have supplicants and also for consistent user experiance.

-Krishnan

View solution in original post