This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Does ISE1.1 support TACACS/TACACS+ and H-REAP mode ?
Also, customer wants to have quick access to the corporate network with some few laptops without going through the Actice Directory? Any suggestion on this?
ISE does not support tacacs. You can create internal users within the ISE database and can assign them to the network.
Please provide the controller code that the customer is running with regards to your second question (hreap).
*Please rate helpful posts*
Its 5508 WLC with version 7.2 on it.
For the last bit, i was thinking of using Pre-shared key on the WLC with the PSK only known to the Network Adminstrator and getting it changed frequently.
Let me know your thoughts about this.
EAP-TLS does not rely on AD.
CA root cert is installed on ACS for trust and identity.
you can elect to Perform Binary Certificate Comparison with Certificate retrieved from LDAP or Active Directory
|Users and Identity Stores >||Certificate Authentication Profile >||Edit: "CN Username"|
see the checkbox at the bottom.
I do EAP TLS machine auth only without integrating AD into the policy at all.