
Cisco ISE Process Flow with Active Directory

lhviet001
Level 1

Hi guys,

Today I did a lab and saw this note in the Authentication Policy interface. The note is:

Note: For authentications using PEAP, LEAP, EAP-FAST or RADIUS MSCHAP it is not possible to continue processing when authentication fails or user is not found. If continue option is selected in these cases, requests will be rejected.

Then I thought that the best way to configure the authentication policy for Flex Auth: Dot1x (with Active Directory) > MAB (Internal Endpoint) > CWA (Guest and other user) would be to use the EAP-TLS authentication protocol.

Is it possible to use another protocol instead of EAP-TLS (which requires that a client certificate has already been installed)? Would you mind helping me to resolve the problem? And what will the network authentication method at the end-user side be?

Any help will be much appreciated.

1 Reply

Saurav Lodh
Level 7

Please refer to the Supported Authentication Protocols (including PEAP), database and authentication types below:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_auth_pol.html#pgfId-1266680