cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
415
Views
0
Helpful
1
Replies

802.1x - Authenticating users from two domains on one switch

thomuff
Level 3
Level 3

Hi

Trying to figure out if there is a way to have a switch authenticate devices from two different domains

For example   Computer A is in Domain A  Computer B is Domain B

Computer A is connected to f0/1 computer B is connected to F0/2

I am thinking that i have to configure multiple Radius server entries  One for domain A and one for domain B and reduce the timeout if possible

Any ideas or solutions?

Thank you for your help..

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

What's your RADIUS server?

ISE 1.3 allows you to join it to multiple domains.

Even with ISE 1.2, you could join one AD domain and also use the identities from a second one via LDAP.

Multiple RADIUS server entries won't normally try the second one as long as the primary is responsive - a failed authentication counts as a legitimate response. You can setup round robin or least outstanding methods but that still doesn't give you the "check both to see if one gives me a good authentication" result.