cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Register for SecureX webinars to learn about our newest integrations and features.

2648
Views
0
Helpful
3
Replies
Maurice Ball
Beginner

ISE 3.0 TEAP with AD Security

Is it possible to setup a Cisco ISE authorization policy that uses TEAP chaining in combination with an active directory security group?

3 REPLIES 3
rschlayer
Enthusiast

Hi @Maurice Ball 
could you please clarify what exactly you want to achieve?

When using TEAP (EAP-Chaining) you can use the user information to retrieve the groups and build an authorization policy for it.

Please check this Bug as it might affect you https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt18613

BR
Rick

I am trying to configure my ISE policies to use TEAP with EAP-TLS as the inner method on Windows 10 computers.

It works fine if I use MSCHAPv2 as the inner method but if I use EAP-TLS. I am hitting the same bug as listed below.

Note: My ISE version 3.0 with patch 2 installed.

 

CSCvt18613


AuthZ Conditions with AD Groups Not matched for TEAP - EAP-Chaining
CSCvt18613

Description
Symptom:
Authorization rules conditioning on AD groups not matched.

Conditions:
TEAP with EAP Chaining Enabled
Either computer or user auth with the inner method MSCHAPv2
Expecting to hit AD group conditions

Workaround:
N/A

Further Problem Description

It should definitely work in my opinion.

If you can please open a TAC Case.

BR
Rick

Create
Recognize Your Peers
Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards