02-24-2016 11:47 AM
A customer is asking if we have Case Studies, Reference Account or general information of large customers where we have ISE and FreeRADIUS working.
ISE cannot connect directly to the user store so we need to connect to a FreeRADIUS. ISE is configured as Radius Proxy. The FreeRADIUS connect to an LDAP server.
The customer is looking for general information to get their FreeRADIUS server sizing for those large customers, how many users, devices are being authorized for 802.1x in a similar setup.
Do we have information in other customers with a similar ISE-FreeRADIUS setup?
02-24-2016 12:05 PM
Why can ISE not connect directly to the user store? Is the LDAP not LDAPv3 compliant?
Our teams have not tested FreeRADIUS for scalability, AFAIK.
I've redirected your questions to the folks who might be able to address them.
02-24-2016 12:14 PM
Hi,
No, the LDAP is using MSCHAPv2 and ISE does not support that protocol for LDAP. The LDAP has a clear text password with an NT-HASH. The customer tested FreeRADIUS and ISE as Radius Proxy and the authentication works fine. They are looking for other accounts with a similar setup so they could size the FreeRADIUS hardware.
Thank you for your help,
Regards,
Edgar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide