Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
2
Replies

ISE question - per wlan radius methods

cmarva
Level 4
Level 4

‎04-05-2018 07:00 AM - edited ‎02-21-2020 10:52 AM

I just ran into this, and have not yet scoured the forums, or the docs.

we have ISE authenticating our internal wlan. We do not have LEAP enabled as an accepted protocol, and have no plans of enabling it.

however, we do have scanners and printers in use in our warehouses, between 500-600 total, that are using LEAP. I do not know the capabilities of these devices, but reconfiguring them to use PEAP would be a nightmare. These devices are used on a separate wlan with mac filtering.

 

my  question is:

within ISE, can I set up a radius method that includes LEAP, that will only authenticate on this wlan, and continue to use our current (which does not include LEAP) for our internal wlan? Just different methods, per wlan. I know the policy flow would have to match the wlan, then call the appropriate method.

 

If anyone knows offhand if this is possible, I will do the research and figure it out. I'm just wondering if this can be done. Again, just ran into this and trying to figure out something, because I do not want to accept LEAP on our internal wlan.

Thanks - chris

 

Labels:
0 Helpful
2 Replies 2

jan.nielsen
Level 7
Level 7

‎04-05-2018 07:31 AM

Certainly, if your LEAP devices are on another wlan than your internal users/devices, this can be done. You can decide what eap protocols to allow in your authentication policy rules, ex. match the ssid and then select an Allowed Protocol defnition where LEAP is the only allowed protocol.
Preview file
17 KB
0 Helpful

cmarva
Level 4
Level 4
In response to jan.nielsen

‎04-05-2018 07:46 AM

very good, thanks Jan. That's really all I needed to know, so I didn't spend a whole bunch of time looking into it if it couldn't be done. I'll get to researching and digging through the docs.

 

thanks again, I appreciate it.

Chris

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents