03-01-2023 10:42 AM
We have ISE TACACS 3.0 in our company. I am new to administering the environment. We have an external AD environment that clients can authenticate against. In our authentication Policy we have MAB, Dot1X and Default. Would a new policy be added prior to Default to allow clients to authenticate against the external AD environment?
03-01-2023 02:01 PM
Hello @sbartelt62, within the scenario that you are describing, you need to create a policy in which you will be using dot1x. It depends mostly on the design you want for your policy sets; you can place, as you mention, a policy set above the default one where you might indicate that devices doing this protocol will be hitting the rule, as the following example shows.
The rules on ISE are evaluated from top to bottom, so the rules that you have above will be evaluated first. You can add multiple more conditions within the rules that adapt to the authentication you want to achieve, or you can also work within the default rule and create a condition that is specific for dot1x within the "Authentication policy" section of that policy set. For ISE 3.0 you also need to have essential licensing to perform RADIUS AAA and web authentication.
Kindly refer to the following links that may help you in this new configuration.
Let me know if that helped you.
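The top-to-bottom evaluation described in the answer above, as an added example that is not part of the original posts and is not ISE code: a simplified first-match model showing that a new rule placed "before Default" can still be shadowed by an existing Dot1X rule above it. The rule name `Dot1X-External-AD`, the `Device-Group` attribute and the dict layout are hypothetical; the Service-Type values are the standard RADIUS ones.

```python
# Simplified model of first-match, top-down rule evaluation (assumption:
# a rule matches when every one of its conditions equals the request value).
SERVICE_FRAMED = 2       # RADIUS Service-Type typically sent with 802.1X
SERVICE_CALL_CHECK = 10  # RADIUS Service-Type typically sent with MAB

def first_match(rules, request):
    """Return the name of the first rule whose conditions all match."""
    for rule in rules:
        if all(request.get(k) == v for k, v in rule["when"].items()):
            return rule["name"]
    raise LookupError("no rule matched; a policy should end with a catch-all")

def shadowed_rules(rules):
    """Names of rules that can never be hit: an earlier rule's conditions
    are a subset of theirs, so the earlier rule always wins."""
    shadowed = []
    for i, rule in enumerate(rules):
        if any(e["when"].items() <= rule["when"].items() for e in rules[:i]):
            shadowed.append(rule["name"])
    return shadowed

def insert_rule(rules, new_rule, before):
    """Return a copy of the rule list with new_rule placed above `before`."""
    idx = next(i for i, r in enumerate(rules) if r["name"] == before)
    return rules[:idx] + [new_rule] + rules[idx:]

# Constructed policy mirroring the question: MAB, Dot1X, Default.
EXISTING = [
    {"name": "MAB", "when": {"Service-Type": SERVICE_CALL_CHECK}},
    {"name": "Dot1X", "when": {"Service-Type": SERVICE_FRAMED}},
    {"name": "Default", "when": {}},
]
# Hypothetical new rule for clients that should use the external AD.
NEW_RULE = {"name": "Dot1X-External-AD",
            "when": {"Service-Type": SERVICE_FRAMED,
                     "Device-Group": "Client-Sites"}}
# Constructed 802.1X request from a device in that hypothetical group.
REQUEST = {"Service-Type": SERVICE_FRAMED, "Device-Group": "Client-Sites"}

if __name__ == "__main__":
    for anchor in ("Default", "Dot1X"):
        policy = insert_rule(EXISTING, NEW_RULE, before=anchor)
        print(f"inserted above {anchor}: hit={first_match(policy, REQUEST)}, "
              f"shadowed={shadowed_rules(policy)}")
```

In this model the more specific rule has to sit above the broader Dot1X rule, not merely above Default, to be evaluated at all.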
03-02-2023 04:31 AM
Thank you. I will look over all the information.