cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1366
Views
0
Helpful
3
Replies

ISE- PEAP- LDAP

Prasan Venky
Participant
Participant

Hello All,

In ISE we tried adding active directory but it failed (ISE & AD Integration). Still there was another option in ISE like LDAP and we added the identity stores.

Now with the below security feature,a client can get authentication through LDAP.

L2 Security-WPA2

Encryption-AES

Auth method-PEAP(EAP-MSCHAP V2)

When i tried connecting i am getting error like "Current Identity store does not support this type" in the ISE.

LDAP in ISE has to replaced with the active directory...?

Any quick help will be appreciated

3 Replies 3

mmangat
Beginner
Beginner

Hello,

Here is a link that you may find handy. Just go to the LDAP section:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1054421

Hello Mr. Mangat,

Thanks for your effort I got how to configure it on ISE from your link. But my expectation is to know the difference between LDAP and AD in ISE. Bcoz when i configure LDAP it was not working for my clients with the PEAP security but later i configured AD with the ISE and now its working fine.

KVS

IMO Cisco ISE does very poor integration with LDAP while it supports Active Directory very well. This is a big shortage on ISE as in our environment LDAP is more widely used than our Active Directory.

 

Basically, you can not use EAP kind authentication on supplicant while your ISE uses LDAP as external identity store. Cisco officially says it only support EAP-GTC and PAP with LDAP. EAP-TLS has nothing to do with LDAP at authentication stage as the supplicant and ISE itself need to trust each other.

 

We also spent a lot of time on central administrator authentication with LDAP with ISE local authorisation as we do not have the group attributes in our LDAP ISE wants for the administrators, and it turns out that ISE simply does not support it.

-- Best Regards
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers