Solved: Use ISE as an external radius server in another ISE

juan.saavedra · ‎06-03-2016

Hello,

This is the scenario: three companies are part of a corporate, we want to authenticate this users by 802.1x, there have 3 Active Directory and 3 Cisco ISE.

Is not posible to join in a forest or "connect" Active Directoy.

This:

userA@companyA.com --> WLC Company B --> ISE Company B --> radius_connection --> ISE Company A --> AD@companyA.com

Is this possible?

THANK YOU!

jan.nielsen · ‎06-04-2016

Yes, it's called radius proxy. You can create seperate authentication rules, that match the domain name in your username, and send the request on to the proper ISE server.

In ISE it's the authentication policy, and the radius server sequence you need to work with

View solution in original post

jan.nielsen · ‎06-04-2016

Yes, it's called radius proxy. You can create seperate authentication rules, that match the domain name in your username, and send the request on to the proper ISE server.

In ISE it's the authentication policy, and the radius server sequence you need to work with

juan.saavedra · ‎06-06-2016

Thank you, Jan.

I tried, it work well.