Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

321
Views
0
Helpful
0
Replies
Highlighted
thuwart63
thuwart63 Beginner
Beginner
‎05-02-2010 11:50 AM
‎05-02-2010 11:50 AM

IBNS with two groups of XP Machines, one PEAP-MSCHAPv2 & one EAP-TLS

Hello,

I'm planning to implement a IBNS network. We have two groups of XP Machines. One group has machine certs and we're planning to check their certs using EAP-TLS. The second group of machines is managed by other departments, each having their own Active Directory, and configured with PEAP-MSCHAPv2. I'm not very familiar with this kind of setup, so hints are highly appreciated.

1. Can I assume that, when properly configured, we can differentiate the authorizations per group (for exemple, at least two VLANs one for group 1 and another one for group 2 - I must at least seggregate the users per group and can't mix them in the same environment, since they belong two different departments).

2. For the first group, no big issue. I can check against my central AD. For the users of the second group, since they can come from different departments, each having its own AD, can I differentiate them, by any means, to know which AD I'll have to query? Or do I have to query only one single AD? Is it required that all the users of group 2 belong to the same domain?

Thanks in advance for your help.

Labels:
Everyone's tags (5)
0 Helpful
Reply
Latest Contents
Stealthwatch Enterprise - what capabilities does it provide ...
Created by ben.greenbaum on 12-12-2019 11:27 AM
0
0
0
0
Threat Response integrates with Cisco Stealthwatch Enterprise (SWE) to provide Visibility into network threats. By adding an SWE module to Threat Response, investigators will be able to search for network flows to or from IP addresses that have been reco... view more
Monitoring Failover status (ASA Cluster, Active/Standby) by ...
Created by Oleg Volkov on 12-12-2019 02:26 AM
0
0
0
0
Hi.Want to know Failover cluster status? If You have PRTG do it in 5 min.Download my sensor.Deploy REST API to Your ASA,sAdd my sensor to PRTG and set parameters:In PRTG device settings add linux user and password (ASA user, which have read permissions)-u... view more
#CiscoChat Live: Consumer Perspectives on Data Privacy
Created by Kelli Glass on 12-10-2019 11:00 AM
0
0
0
0
Join us live on Thursday, December 12 at 10:00 am PT (and on demand after) for an in-depth look at the latest Cisco Cybersecurity report. The Cisco 2019 Consumer Privacy Survey shows consumers placing a greater premium on data privacy, providing comp... view more
#CiscoChat Live: Consumer Perspectives on Data Privacy
Created by Kelli Glass on 12-10-2019 10:55 AM
5
0
5
0
Join us live on Thursday, December 12 at 10:00 am PT (and on demand after) for an in-depth look at the latest Cisco Cybersecurity report. The Cisco 2019 Consumer Privacy Survey shows consumers placing a greater premium on data privacy, providing comp... view more
How to find/get the registration key from FTD
Created by Eahwar34 on 12-06-2019 03:14 AM
0
0
0
0
We are in need of finding registration key used for our FTD , unfortunately we have forget the key and also it is encrypted . How to find the key from FTD ?
CreatePlease to create content
Discussion
Blog
Document
Video