02-07-2019 07:55 AM
Hi team,
I am having a hard time solving a design issue. There are two companies that have a direct connection between them, and from time to time employees move between the companies. Both companies are using ISE and have their ADs; wired/wireless NAC is also in place. The request is for User A from Company A to be able to authenticate with his credentials on Company B's NADs, and the same the other way. I am trying to understand the possibility of using an External RADIUS Server, as they don't want to have the Multi-AD integration. If I create a rule with a RADIUS Sequence, as far as I understand from the document, it will try the first ISE, then if it doesn't receive a response, it will move on to the next one. But how about the RADIUS-Reject scenario? Do we try each RADIUS server until we get a RADIUS-Accept or have gone through all the RADIUS servers, or do we stop the process completely the first time we receive a RADIUS-Reject? Or how can I achieve granularity in the Authentication Policy based on the company that the user belongs to?
Any response or guidance will be much appreciated!
Regards,
Efe
02-07-2019 08:00 AM
I would do the following:
The only danger in that setup is if an AD account with the exact same name exists in Company A AD for a Company B user, but hopefully that risk should be minimal.