Re: ISE Authentication issue

rahul.k1 · ‎06-13-2022

Hi Team,

Our team have been using LDAP instead of Active Directory

They are evaluating ISE but, using ISE with LDAP is not getting dot1x authentication
ISE is getting logs for the switch 2960-x and tested the MAB authentication

What is the reason that when the dot1x is enabled, ISE does not receive the logs for the same ?

How do I enable 801.1x authentication in endpoints that are connected to an LDAP server ?

MHM Cisco World · ‎06-13-2022

can you share config ?

balaji.bandi · ‎06-13-2022

what LDAP , Open LDAP ?

May be you need to follow troubleshoot tips and provide logs :

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216190-configure-and-troubleshoot-ise-with-exte.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎06-13-2022

802.1x used by endpoints and the backend authentication server used by ISE are completely separate elements. 802.1x is endpoint to network access device (NAD), RADIUS is NAD to ISE and LDAP is ISE to authentication server(s).

Is the LDAP server connected and tested/validated on the ISE side? Is your ISE Authorization condition(s) that the NADs (i.e. switches or WLC) are configured to use checking for the endpoint LDAP attributes required to grant network access?

Greg Gibbs · ‎06-13-2022

This appears to be duplicate discussion to this post:

https://community.cisco.com/t5/network-access-control/ise-ldap-authentication-issue/m-p/4631230#M575455