Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
794
Views
0
Helpful
0
Comments

ISE / DNAC and multiple AD domain

REJR77
Level 1
Level 1

‎02-21-2020 08:24 AM - edited ‎02-21-2020 10:05 PM

Hello,

We have a SDA network with DNAC and ISE.

In this network we have different teams with different AD domain and PKI. (domains do not trust each other)

Users are only sharing same switches in the fabric.

 

We want to authenticate the endpoints with EAP-TLS.

Each domain computer receives a machine cert for the domain it belongs

 

Will ISE be able to check the machine certificate against each CA  and then check for a group in the corresponding AD?

Can I have only 1 Identity Source Sequence with all the Active Directory to acheive this?

 

Are there some restrictions or any caveats?

 

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents