cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

898
Views
0
Helpful
2
Replies
Highlighted
Cisco Employee

ISE and FreeRADIUS

A customer is asking if we have Case Studies, Reference Account or general information of large customers where we have ISE and FreeRADIUS working.

ISE cannot connect directly to the user store so we need to connect to a FreeRADIUS. ISE is configured as Radius Proxy. The FreeRADIUS connect to an LDAP server.

The customer is looking for general information to get their FreeRADIUS server sizing for those large customers, how many users, devices are being authorized for 802.1x in a similar setup.

Do we have information in other customers with a similar ISE-FreeRADIUS setup?

Everyone's tags (4)
2 REPLIES 2
Cisco Employee

Re: ISE and FreeRADIUS

Why can ISE not connect directly to the user store? Is the LDAP not LDAPv3 compliant?

Our teams have not tested FreeRADIUS for scalability, AFAIK.

I've redirected your questions to the folks who might be able to address them.

Cisco Employee

Re: ISE and FreeRADIUS

Hi,

No, the LDAP is using MSCHAPv2 and ISE does not support that protocol for LDAP. The LDAP has a clear text password with an NT-HASH. The customer tested FreeRADIUS and ISE as Radius Proxy and the authentication works fine. They are looking for other accounts with a similar setup so they could size the FreeRADIUS hardware.

Thank you for your help,

Regards,

Edgar