
ISE and FreeRADIUS

erodigue
Cisco Employee

A customer is asking if we have case studies, reference accounts, or general information on large customers where we have ISE and FreeRADIUS working.

ISE cannot connect directly to the user store, so we need to connect to a FreeRADIUS server. ISE is configured as a RADIUS proxy. The FreeRADIUS server connects to an LDAP server.

The customer is looking for general information to size their FreeRADIUS server based on those large customers: how many users and devices are being authorized for 802.1X in a similar setup.

Do we have information on other customers with a similar ISE-FreeRADIUS setup?

2 REPLIES

hslai
Cisco Employee

Why can ISE not connect directly to the user store? Is the LDAP not LDAPv3 compliant?

Our teams have not tested FreeRADIUS for scalability, AFAIK.

I've redirected your questions to the folks who might be able to address them.

Hi,

No, the LDAP is using MSCHAPv2 and ISE does not support that protocol for LDAP. The LDAP has a clear-text password with an NT-HASH. The customer tested FreeRADIUS with ISE as a RADIUS proxy, and the authentication works fine. They are looking for other accounts with a similar setup so they can size the FreeRADIUS hardware.

Thank you for your help,

Regards,

Edgar
