
ISE with multiple AD

Dear Friends,

I heard that we can integrate only one AD with ISE. But what if I need to integrate multiple ADs to ISE?

I also learned that we can integrate multiple LDAP instances to ISE. So can I use this option for my situation?

Thanks in advance

- Rajiv

4 Replies

Chris Illsley
Level 3

Yes and yes.

Thanks

Chris

Jatin Katyal
Cisco Employee

That is correct! Cisco ISE supports integration with a single Active Directory identity source. Cisco ISE uses this Active Directory identity source to join itself to an Active Directory domain. If this Active Directory source has a multidomain forest, trust relationships must exist between its domain and the other domains in order for Cisco ISE to retrieve information from all domains within the forest.

However, you may create multiple instances for LDAP. Cisco ISE can communicate via LDAP to Active Directory servers in an untrusted domain. The only limitation you would see with LDAP as a database is that it doesn't support PEAP MSCHAPv2 (native Microsoft supplicant). However, it does support EAP-TLS.

For more information, you may go through the link listed below:

http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_45_multiple_active_directories.pdf

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

manjeets
Level 3

Till now ISE supports only one AD:

Multiple AD will be supported in the ISE 1.3 release, which will be released in the first quarter of 2014.

Review the attached.

So I guess I have to go with LDAP with EAP-TLS for multiple domains.

Thanks Jatin and Manjeet.

