01-18-2023 02:17 AM
Hi All,
I would like to understand if a virtual machine hosted in the cloud (Azure, AWS, etc.) can authenticate through Dot1X or MAB by an on-premise Cisco ISE?
Thank You.
01-18-2023 03:44 AM
Yes / No, it depends on how the connection is extended. Does the NAD/NAC use on-prem ISE?
01-18-2023 04:33 AM
Yes, on-prem NAD/NAC are using on-prem ISE.
01-18-2023 06:43 AM
Hi @sumjoy_vicky, yes, it's possible. It will depend mostly on how the authentication takes place between ISE and the NAD, as ISE doesn't have direct contact with your PC but goes through your NAD, so if there is communication between the PC and the NAD, ISE will see it as a normal authentication from a physical PC.
Let me know if that helped you.
01-18-2023 10:09 PM - edited 01-18-2023 11:49 PM
Thanks @Rodrigo Diaz for your response. I believe in this case the NAD will be the VNet (in the cloud), which can configure a RADIUS server pointing to the on-prem ISE and extend RADIUS server communication over an S2S VPN between cloud and on-prem. Wondering if I can add the cloud VNet under network devices in the on-prem ISE?
Thanks.
01-19-2023 08:59 AM
Hey @sumjoy_vicky, for your scenario the addition of the NAD would be the same from the ISE point of view: ISE will handle the NAD like any other one within your environment and will reply to the RADIUS requests your NAD generates. The point here is that some functionalities, depending upon your NAD, will not be supported. I would check these links for your reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/nad_capabilities/nad_capabilities_with_ise.html