04-07-2021 08:45 AM
Hi,
Our ISE is setup to authenticate our machines and users (EAP-TLS) with the default windows supplicant.
Sometines we have external partners that come to our network and we would like to allow them to access the network (wired).
Is it possible to allow them to the network even if they already have another EAP-TLS configuration for their corporate network? (they won't trust our ISE...)
Of course the EAP-TLS will fail but how can we still allow them access the netowrk through MAB or Webredirect?
Thanks
Solved! Go to Solution.
04-08-2021 05:40 AM
IMO you have a couple of options here. You could rely on mab as you mentioned, but the trick here would be getting the "approved" external laptops into a mab group and enabling it on your NADs. You could add macs via some sort of manual way or possibly utilize the guest/sponsor portal solutions. This really depends on your requirements and/or what is feasible for you in your environment. I would suggest taking a peek at the following:
Guest/BYOD sections: Cisco ISE & NAC Resources - Cisco Community
HTH!
04-08-2021 05:40 AM
IMO you have a couple of options here. You could rely on mab as you mentioned, but the trick here would be getting the "approved" external laptops into a mab group and enabling it on your NADs. You could add macs via some sort of manual way or possibly utilize the guest/sponsor portal solutions. This really depends on your requirements and/or what is feasible for you in your environment. I would suggest taking a peek at the following:
Guest/BYOD sections: Cisco ISE & NAC Resources - Cisco Community
HTH!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: