06-04-2019 12:40 PM
Hello, one of my clients would like to use ISE to control network access at a plant. The machines are not joined to AD and users login via local accounts. How can I create an authc policy to ahthenticate those users? Which identity store should be selected in this case?
Solved! Go to Solution.
06-04-2019 02:31 PM
Hello :)
well it actually depends how you would like to authenticate this user,
if you want his local account to be authenticated and this machine is not joined to AD, then you must configure manually the dot1x on the supplicant as well putting the credentials user name and password inside ISE identity store.
how many machines you want to authenticate like this way ? it will cost a lot of operations.
if those machines are not controlled, its nice to have wired guest authentication instead of having a lot of configurations to add.
06-17-2019 05:54 PM
You could use MAB with guest access as mentioned above if the machines do not have supplicants and also for consistent user experiance.
-Krishnan
06-04-2019 02:31 PM
Hello :)
well it actually depends how you would like to authenticate this user,
if you want his local account to be authenticated and this machine is not joined to AD, then you must configure manually the dot1x on the supplicant as well putting the credentials user name and password inside ISE identity store.
how many machines you want to authenticate like this way ? it will cost a lot of operations.
if those machines are not controlled, its nice to have wired guest authentication instead of having a lot of configurations to add.
06-04-2019 02:43 PM
Hi, I believe it’s only 11 so far but will be more down the road.
So pretty much use MAB instead of dot1x, or use dot1x with local accounts on ISE are my only 2 options.
06-17-2019 05:54 PM
You could use MAB with guest access as mentioned above if the machines do not have supplicants and also for consistent user experiance.
-Krishnan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide