cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

391
Views
0
Helpful
1
Replies
RD77
Beginner

External laptop with their own EAP-TLS configuration

Hi,

Our ISE is setup to authenticate our machines and users (EAP-TLS) with the default windows supplicant.

 

Sometines we have external partners that come to our network and we would like to allow them to access the network (wired). 

 

Is it possible to allow them to the network even if they already have another EAP-TLS configuration for their corporate network? (they won't trust our ISE...)

 

Of course the EAP-TLS will fail but how can we still allow them access the netowrk through MAB or Webredirect?

 

Thanks

 

1 ACCEPTED SOLUTION

Accepted Solutions
Mike.Cifelli
VIP Advocate

IMO you have a couple of options here.  You could rely on mab as you mentioned, but the trick here would be getting the "approved" external laptops into a mab group and enabling it on your NADs.  You could add macs via some sort of manual way or possibly utilize the guest/sponsor portal solutions.  This really depends on your requirements and/or what is feasible for you in your environment.  I would suggest taking a peek at the following:

Guest/BYOD sections: Cisco ISE & NAC Resources - Cisco Community

Sponsor Portal User Guide for Cisco Identity Services Engine, Release 2.7 - Sponsor Portal Users Guide [Cisco Identity Services Engine] - Cisco

HTH!

View solution in original post

1 REPLY 1
Mike.Cifelli
VIP Advocate

IMO you have a couple of options here.  You could rely on mab as you mentioned, but the trick here would be getting the "approved" external laptops into a mab group and enabling it on your NADs.  You could add macs via some sort of manual way or possibly utilize the guest/sponsor portal solutions.  This really depends on your requirements and/or what is feasible for you in your environment.  I would suggest taking a peek at the following:

Guest/BYOD sections: Cisco ISE & NAC Resources - Cisco Community

Sponsor Portal User Guide for Cisco Identity Services Engine, Release 2.7 - Sponsor Portal Users Guide [Cisco Identity Services Engine] - Cisco

HTH!

View solution in original post

Content for Community-Ad