
Cisco ISE and Forescout in same network

adamgibs7
Level 6

Dears

I would like to use ISE for TACACS and the guest network, and Forescout for the rest of the services. Can I add both of them in the switches and routers? How will things work in this case? The authentication will work with ISE, and the dot1x and other features will work with Forescout. Will this type of setup work, and how?

The difference between ISE and Forescout is that ISE works before the machine/Windows gets the IP address, and Forescout works after the machine/Windows comes up.

Thanks

Accepted Solutions

thomas
Cisco Employee

You may configure TACACS+ Device Administration AAA servers separate from RADIUS AAA servers in Cisco IOS. "forescout for the rest of the services" is not very specific but it will likely involve making one of your AAA server deployments (ISE or Forescout) a RADIUS proxy for the specific services they are handling.

> The difference between ISE and Forescout is that ISE works before the machine/Windows gets the IP address, and Forescout works after the machine/Windows comes up.

That is not 802.1X + RADIUS with ForeScout - that is the SNMP Authentication VLAN method.

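An added configuration sketch, not part of the original thread or from either vendor: it shows the split described in the answer above on a Cisco IOS switch, with TACACS+ device administration pointing at ISE and 802.1X RADIUS pointing at Forescout. The server names, method-list names, documentation-range addresses and `<shared-secret>` placeholders are assumptions, and the guest network and any RADIUS proxying between the two products are not covered.

```cisco
! Constructed example: names, addresses and secrets are placeholders.
aaa new-model
!
! TACACS+ server (ISE) used only for device administration
tacacs server ISE-TACACS
 address ipv4 192.0.2.10
 key <shared-secret>
!
aaa group server tacacs+ ISE-DEVICE-ADMIN
 server name ISE-TACACS
!
! RADIUS server (Forescout) used only for 802.1X network access
radius server FORESCOUT-RADIUS
 address ipv4 192.0.2.20 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa group server radius FORESCOUT-DOT1X
 server name FORESCOUT-RADIUS
!
! Device admin method lists reference the TACACS+ group,
! with local fallback if ISE is unreachable
aaa authentication login VTY-LOGIN group ISE-DEVICE-ADMIN local
aaa authorization exec VTY-AUTHZ group ISE-DEVICE-ADMIN local
aaa accounting commands 15 default start-stop group ISE-DEVICE-ADMIN
!
! Network access method lists reference the RADIUS group
aaa authentication dot1x default group FORESCOUT-DOT1X
aaa authorization network default group FORESCOUT-DOT1X
aaa accounting dot1x default start-stop group FORESCOUT-DOT1X
!
dot1x system-auth-control
!
line vty 0 4
 login authentication VTY-LOGIN
 authorization exec VTY-AUTHZ
```

Because each method list names its own server group, a failure or misconfiguration on one AAA platform does not change where the other protocol's requests are sent.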


balaji.bandi
Hall of Fame
> I would like to use the ISE for the tacacs and guest network

Yes, this is possible based on the configuration you are doing for device admin, and for the SSID configuration for Guest you can point to ISE.

The other part you mentioned, "forescout for the rest of the services", was not clear. Is this for 802.1X for wired and wireless?

If you are using 802.1X for wired connections, then that will be difficult, I guess; my views.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Dear balaji

The rest of the services are:

  • Dot1x
  • profiling
  • posture
  • BYOD
  • Rapid threat containment

Thanks

 

 

Never tried it with different vendors. Look at the example below; it may help you and may meet your requirements:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/ewc/17-2/config-guide/ewc_cg_17_2/authentication_and_authorization_between_multiple_radius_servers.pdf

 

BB
