
Cisco ISE in Apple Mac Environment

Arun Greig John
Level 1

Hi,

One of our clients needs to implement BYOD in their network. They are using Mac servers and clients. The requirement is to authenticate (wireless) users against the Mac directory server, in order to provide access to resources. I am trying to figure out whether Cisco ISE can perform LDAP authentication with a Mac server. As per this document, Mac server is not a supported external identity source/LDAP server. Currently they are providing access to users by adding MAC addresses to the WLC manually, which is not practical now due to the increase in the number of end devices and the limitation in MAC addresses supported by the WLC (2048).

Is it possible to implement this? Has anyone come across a similar scenario?

Thanks,

John

2 Replies

Saurav Lodh
Level 7

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html#wp1346303

mohanak
Cisco Employee

The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other attributes that are associated with the user for use in authorization policies. You must configure the external identity source that contains your user information in Cisco ISE. External identity sources also include certificate information for the Cisco ISE server and certificate authentication profiles.

Both internal and external identity sources can be used as the authentication source for sponsor authentication and also for authentication of remote guest users.

Table 5-1 lists the identity sources and the protocols that they support.

Table 5-1 Protocol Versus Database Support

| Protocol (Authentication Type) | Internal Database | Active Directory | LDAP [1] | RADIUS Token Server or RSA |
|---|---|---|---|---|
| EAP-GTC [2], PAP [3] (plain text password) | Yes | Yes | Yes | Yes |
| MS-CHAP [4] password hash: MSCHAPv1/v2 [5], EAP-MSCHAPv2 [6], LEAP [7] | Yes | Yes | No | No |
| EAP-MD5 [8], CHAP [9] | Yes | No | No | No |
| EAP-TLS [10], PEAP-TLS [11] (certificate retrieval) | No | Yes | Yes | No |

Note: For TLS authentications (EAP-TLS and PEAP-TLS), identity sources are not required, but are optional and can be added for authorization policy conditions.

[1] LDAP = Lightweight Directory Access Protocol
[2] EAP-GTC = Extensible Authentication Protocol-Generic Token Card
[3] PAP = Password Authentication Protocol
[4] MS-CHAP = Microsoft Challenge Handshake Authentication Protocol
[5] MS-CHAPv1/v2 = Microsoft Challenge Handshake Authentication Protocol Version 1/Version 2
[6] EAP-MSCHAPv2 = Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol Version 2
[7] LEAP = Lightweight Extensible Authentication Protocol
[8] EAP-MD5 = Extensible Authentication Protocol-Message Digest 5
[9] CHAP = Challenge-Handshake Authentication Protocol
[10] EAP-TLS = Extensible Authentication Protocol-Transport Layer Security
[11] PEAP-TLS = Protected Extensible Authentication Protocol-Transport Layer Security

And for the WLC, check the link: www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/91901-mac-filters-wlcs-config.html#backinfo
