Looking for a design validation for a customer.
Customer is using ClearPass for wireless and wants to do:
- RADIUS proxy from ClearPass to ISE but only with RADIUS accounting to extract the username. ClearPass is performing the Authentication/Authorization and these 2 are not proxied.
- ISE will then retrieve the AD groups associated with the username and use them to map an SGT.
- This SGT-IP mapping will then be sent via SXP to FMC-FTD for enforcement.
Is this a supported design? Do we use the same design criteria for scalability based on concurrent endpoints in this scenario and the same licensing consumption?
Employees are encouraged to use the internal forum for questions
Please reach out to us since this is design related. It needs more information or a further discussion to understand the use case, solution options, etc.