ISE 2.2 authenticate only AD user (without the need for the machine to be in the AD domain)

Hi,

Could you help me with my doubt?

Can I use ISE 2.2 to authenticate (Wireless_802.1X) only the AD user (without the need for the machine to be in the AD domain)?

Best regards

LOURENÇO, Claudio

3 Accepted Solutions

Hi,

Yes, you will need to configure the AD domain in ISE as an external identity source. Then configure the appropriate authentication and authorization rules in a policy. On the client computer (I assume Windows), just configure it to use user authentication and select PEAP/MSCHAPv2 as the authentication protocol.

Peter Koltl

If the machine is not a domain member, then the user logon credentials are not suitable to authenticate the user in the domain for 802.1X. That is, Single Sign-on is not an option. Therefore the client must be configured not to use the logon credentials for 802.1X (uncheck Enable single sign on for this network), and an 802.1X password popup window or a bubble will appear after the logon where the user must enter a valid domain username and password.

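An added example (not part of the original thread): a Python check that an exported Windows WLAN profile matches the client settings described in the two answers above, that is, user-only 802.1X, PEAP with inner MSCHAPv2, no automatic use of the Windows logon credentials and no single sign-on. The embedded profile is a constructed, trimmed sample with a placeholder SSID, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed profile in the format written by
# "netsh wlan export profile"; EXAMPLE-SSID is a placeholder.
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>EXAMPLE-SSID</name>
 <MSM><security>
  <authEncryption><authentication>WPA2</authentication><useOneX>true</useOneX></authEncryption>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <authMode>user</authMode>
   <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Config>
    <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type>
     <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
      <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type>
       <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
        <UseWinLogonCredentials>false</UseWinLogonCredentials>
       </EapType></Eap>
     </EapType></Eap>
   </Config></EapHostConfig></EAPConfig>
  </OneX>
 </security></MSM>
</WLANProfile>"""

def elements(root, name):
    """All elements with this local name, ignoring XML namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def values(root, name):
    """Lower-cased text of every element with this local name."""
    return [(e.text or "").strip().lower() for e in elements(root, name)]

def audit_profile(xml_text):
    """Return the ways the profile deviates from the settings in the thread."""
    root = ET.fromstring(xml_text)
    # <Eap> elements appear outer-first; read each one's own <Type> child.
    eap_types = [(e.findtext("{*}Type") or "").strip() for e in elements(root, "Eap")]
    findings = []
    if values(root, "authMode") != ["user"]:
        findings.append("authMode is not user-only")
    if eap_types != ["25", "26"]:
        findings.append("method is not PEAP (25) with inner MSCHAPv2 (26)")
    if "true" in values(root, "UseWinLogonCredentials"):
        findings.append("Windows logon credentials are used automatically")
    if elements(root, "singleSignOn"):
        findings.append("802.1X single sign-on is enabled")
    return findings

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE) or "profile matches")
```

An empty list means the profile will prompt the user for domain credentials instead of reusing the local logon.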

5 Replies

I'm going to do a lab because I have a Cisco ISE implementation.

Thank you very much for your attention, RJI.

I did the lab and it worked!

Thank you, RJI and Peter Koltl, very much for your attention.
