07-12-2017 09:01 PM
Hi everyone,
We are working with a customer who has developed their own app for BYOD and guest access. They are currently using ClearPass to provide their authentication, with an SQL database as the identity store. The historical reason they went for ClearPass a couple of years ago was that ISE did not support an external identity store using SQL. Based on the customer's email, they would like to know whether ISE can support it, given the current flows:
From customer’s email:
L2 Authentication.
Controller Radius request from Clearpass. Clearpass request from App MYSQL for the following information
1. User approve / Deny
2. End time
3. VLAN
Clearpass return the values back to Controller
L3 Authentication
Device connect to Controller and L2 authentication fails. Controller will redirect to App web site. App web site provides Device mac address in QR.
Customer uses App to scan QR. App send Device MAC address to App server. App server update Database MAC address. Add user in Clearpass Guest account. Redirect Device back to controller. Device use the username and password from App server to authenticate with controller. Controller send Radius request to Clearpass for guest authentication. Using username and password provided by App. Clearpass approves access for the device and device redirected to company web site.
With the above process there will be integration between App and ISE.
1. ISE request information for example User approve / Deny, End time and VLAN from App MYSQL server. ISE will reply controller request with information.
2. App will add / Remove and modify guest user in ISE. Guest user information includes Username and password. And expire date time
3. L3 Authentication involves controller request ISE for access to internet with username and password. And ISE will allow (if username and password matched) or deny if username and password do not match.
I just need feedback from the community on whether ISE can achieve the same as ClearPass does, based on the above authentication flow. I have not done any SQL integration with ISE and am just wondering if anyone can point out any gotchas or possible issues.
Thanks and regards,
07-13-2017 09:22 AM
Configure ISE 2.2 for integration with MySQL server, contributed by a Cisco TAC engineer, should be able to get you started.
The data types supported are String, Boolean and Integer. I can't tell what is expected for "End time" from your post.
I have not learned of any ISE integration with QR codes, but it might be done by a custom application that uses the ERS APIs available from ISE.
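The L2 flow in the question returns approve/deny, end time and VLAN, and the reply above limits the data types to String, Boolean and Integer. As an added illustration (not from the thread, and not ISE or ClearPass code), this Python model assumes the end time is stored as an Integer of Unix epoch seconds and shows how the three values map to a fail-closed RADIUS decision with standard VLAN attributes; the function name, row keys and sample values are hypothetical.

```python
import time

# Standard RADIUS values for dynamic VLAN assignment (RFC 2868 / RFC 3580).
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_TYPE_802 = 6


def reject(reason):
    return {"code": "Access-Reject", "reason": reason}


def authorize(row, now=None):
    """Turn one database row into a RADIUS decision, failing closed.

    `row` is a hypothetical dict holding the three values from the L2 flow:
    approved (Boolean), end_time (Integer, Unix epoch seconds), vlan (Integer).
    """
    now = int(time.time()) if now is None else int(now)
    if row is None:
        return reject("no record for this user or MAC")
    approved, end_time, vlan = row.get("approved"), row.get("end_time"), row.get("vlan")
    # bool is a subclass of int in Python, so exclude it from the Integer checks.
    if not isinstance(approved, bool):
        return reject("approved is not a Boolean")
    if isinstance(end_time, bool) or not isinstance(end_time, int):
        return reject("end_time is not an Integer epoch")
    if isinstance(vlan, bool) or not isinstance(vlan, int) or not 1 <= vlan <= 4094:
        return reject("vlan is not a valid 802.1Q VLAN ID")
    if not approved:
        return reject("user denied by app")
    remaining = end_time - now
    if remaining <= 0:
        return reject("access window has ended")
    return {
        "code": "Access-Accept",
        "attributes": {
            "Tunnel-Type": TUNNEL_TYPE_VLAN,
            "Tunnel-Medium-Type": TUNNEL_MEDIUM_TYPE_802,
            "Tunnel-Private-Group-ID": str(vlan),
            # Cap the session at the stored end time.
            "Session-Timeout": remaining,
        },
    }


if __name__ == "__main__":
    # Constructed sample row, not data from the thread.
    sample = {"approved": True, "end_time": 1_500_003_600, "vlan": 120}
    print(authorize(sample, now=1_500_000_000))
```

A row whose end time arrives as a formatted date string is rejected here rather than guessed at, which is the case the data type limitation makes worth testing before migration.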
07-23-2017 04:07 PM
Thanks Hsing!