Re: Cloud based virtual machine dot1x authentication with Cisco ISE

sumjoy_vicky · ‎01-18-2023

Hi All,

I would like to understand if virtual machine hosted on cloud (Azure, AWS etc) can authenticate through Dot1X or MAB by on premise Cisco ISE?

Thank You.

balaji.bandi · ‎01-18-2023

YES / NO depends how the connection extended and is the NAD/NAC uses on prem ISE ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sumjoy_vicky · ‎01-18-2023

Yes, on-prem NAD/NAC are using on-prem ISE.

Rodrigo Diaz · ‎01-18-2023

Hi @sumjoy_vicky , yes it's possible all will depend mostly in how the authentication will take place between ISE and NAD, as the ISE doesn't have direct contact with your PC but through your NAD , so if there is communication between PC and NAD , ISE will see it as normal authentication from a physical PC.

Let me know if that helped you .

sumjoy_vicky · ‎01-18-2023

Thanks @Rodrigo Diaz for your response. I believe in this case NAD will be Vnet (on cloud) that can configure radius server pointing to on-prem ISE and extend radius server communication over S2S VPN between cloud and on-prem. Wondering if can add cloud VNET under network devices in on-prem ISE?

Thanks.

Rodrigo Diaz · ‎01-19-2023

hey @sumjoy_vicky , for your scenario the addition of NAD would be the same from the ISE point of view , and ISE will handle the NAD as any other one within your environment and will reply to radius request your NAD generates , the point here is that some functionalities depending upon your NAD will not be supported , I would check these links for your reference :

https://www.cisco.com/c/en/us/td/docs/security/ise/nad_capabilities/nad_capabilities_with_ise.html

https://community.cisco.com/t5/security-knowledge-base/for-download-radius-vendor-dictionaries-for-3rd-parties/ta-p/3743448