Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1630
Views
0
Helpful
3
Replies

ISE- PEAP- LDAP

Prasan Venky
Level 3
Level 3

‎07-17-2013 07:49 AM - edited ‎07-04-2021 12:26 AM

Hello All,

In ISE we tried adding active directory but it failed (ISE & AD Integration). Still there was another option in ISE like LDAP and we added the identity stores.

Now with the below security feature,a client can get authentication through LDAP.

L2 Security-WPA2

Encryption-AES

Auth method-PEAP(EAP-MSCHAP V2)

When i tried connecting i am getting error like "Current Identity store does not support this type" in the ISE.

LDAP in ISE has to replaced with the active directory...?

Any quick help will be appreciated

Labels:
0 Helpful
3 Replies 3

mmangat
Level 1
Level 1

‎07-17-2013 07:50 PM

Hello,

Here is a link that you may find handy. Just go to the LDAP section:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1054421

0 Helpful

Prasan Venky
Level 3
Level 3
In response to mmangat

‎07-17-2013 10:43 PM

Hello Mr. Mangat,

Thanks for your effort I got how to configure it on ISE from your link. But my expectation is to know the difference between LDAP and AD in ISE. Bcoz when i configure LDAP it was not working for my clients with the PEAP security but later i configured AD with the ISE and now its working fine.

KVS

0 Helpful

networkguy13111
Level 1
Level 1
In response to Prasan Venky

‎01-07-2015 04:56 PM

IMO Cisco ISE does very poor integration with LDAP while it supports Active Directory very well. This is a big shortage on ISE as in our environment LDAP is more widely used than our Active Directory.

 

Basically, you can not use EAP kind authentication on supplicant while your ISE uses LDAP as external identity store. Cisco officially says it only support EAP-GTC and PAP with LDAP. EAP-TLS has nothing to do with LDAP at authentication stage as the supplicant and ISE itself need to trust each other.

 

We also spent a lot of time on central administrator authentication with LDAP with ISE local authorisation as we do not have the group attributes in our LDAP ISE wants for the administrators, and it turns out that ISE simply does not support it.

-- Best Regards
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card