Cisco Employee

ISE & SQL

Hi everyone,

We are working with a customer who has developed their own app for BYOD and guest access. They are currently using Clearpass to provide their authentication, with an SQL database. The historical reason they went for Clearpass a couple of years ago was that ISE did not support an external identity store using SQL. Based on the customer's email, they would like to know whether ISE can support it, given the current flows:

From customer’s email:

L2 Authentication.

Controller Radius request from Clearpass. Clearpass request from App MYSQL for the following information

1.    User approve / Deny

2.    End time

3.    VLAN

Clearpass return the values back to Controller

L3 Authentication

Device connect to Controller and L2 authentication fails. Controller will redirect to App web site. App web site provides Device mac address in QR.

Customer uses App to scan QR. App send Device MAC address to App server. App server update Database MAC address. Add user in Clearpass Guest account. Redirect Device back to controller. Device use the username and password from App server to authenticate with controller. Controller send Radius request to Clearpass for guest authentication. Using username and password provided by App. Clearpass approves access for the device and device redirected to company web site.

With the above process there will be integration between App and ISE.

1.    ISE request information for example User approve / Deny, End time and VLAN from App MYSQL server. ISE will reply controller request with information.

2.    App will add / remove and modify guest user in ISE. Guest user information includes username and password, and expiry date and time.

3.    L3 Authentication involves the controller requesting ISE for access to the internet with username and password. ISE will allow (if username and password match) or deny if username and password do not match.

Just need feedback from the community whether ISE can achieve the same as per what Clearpass does based on the above authentication flow.  I have not done any SQL integration with ISE and just wondering if anyone can point out any gotchas or possible issues.

Thanks and regards,

Accepted Solutions
Cisco Employee

Re: ISE & SQL

Configure ISE 2.2 for integration with MySQL server, contributed by a Cisco TAC engineer, should be able to get you started.

The data types supported are String, Boolean and Integer. I can't tell what is expected for "End time" from your post.

I have not learned any ISE integration with QR codes but it might be done by a custom application that uses the ERS APIs available from ISE.
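
The L2 lookup described in the question (approve/deny, end time, VLAN), sketched as an added example that is not from the original posts and is not ISE or Clearpass code. It assumes the end time is stored as an integer epoch value, in line with the Integer type noted in the answer, and uses an in-memory SQLite table with hypothetical table and column names in place of the app's MySQL database.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
def build_sample_db(now):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE app_users (mac TEXT PRIMARY KEY, "
               "approved INTEGER, end_time INTEGER, vlan INTEGER)")
    db.executemany("INSERT INTO app_users VALUES (?, ?, ?, ?)", [
        ("aabbccddeeff", 1, now + 3600, 120),   # approved, one hour left
        ("112233445566", 0, now + 3600, 120),   # denied by the app
        ("0a0b0c0d0e0f", 1, now - 60, 130),     # approved but already expired
    ])
    return db

def normalize_mac(raw):
    """Reduce common MAC notations to 12 lowercase hex digits, or None."""
    digits = "".join(c for c in raw.lower() if c not in ":-. ")
    if len(digits) == 12 and all(c in "0123456789abcdef" for c in digits):
        return digits
    return None

def authorize(db, calling_station_id, now):
    """Return (decision, reply_attributes); every failure path rejects."""
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return "Access-Reject", {}
    # Bound parameter: the value from the RADIUS request never becomes SQL text.
    row = db.execute(
        "SELECT approved, end_time, vlan FROM app_users WHERE mac = ?", (mac,)
    ).fetchone()
    if row is None:
        return "Access-Reject", {}
    approved, end_time, vlan = row
    remaining = end_time - now
    if not approved or remaining <= 0:
        return "Access-Reject", {}
    return "Access-Accept", {
        "Tunnel-Type": 13,                     # VLAN
        "Tunnel-Medium-Type": 6,               # IEEE-802
        "Tunnel-Private-Group-ID": str(vlan),  # VLAN returned to the controller
        "Session-Timeout": remaining,          # seconds left until end_time
    }
```
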

Cisco Employee

Re: ISE & SQL

Thanks Hsing!