cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ISE / DNAC and multiple AD domain

250
Views
0
Helpful
0
Comments

Hello,

We have a SDA network with DNAC and ISE.

In this network we have different teams with different AD domain and PKI. (domains do not trust each other)

Users are only sharing same switches in the fabric.

 

We want to authenticate the endpoints with EAP-TLS.

Each domain computer receives a machine cert for the domain it belongs

 

Will ISE be able to check the machine certificate against each CA  and then check for a group in the corresponding AD?

Can I have only 1 Identity Source Sequence with all the Active Directory to acheive this?

 

Are there some restrictions or any caveats?

 

Thanks