Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
422
Views
0
Helpful
1
Replies

ISE/WLC/AD - Creating a 802.1X SSID for Dual-Domain use with ISE

Colton
Level 1
Level 1

‎07-13-2018 07:55 AM - edited ‎07-05-2021 08:51 AM

Good Morning,

 

I am currently working with a Distributed ISE Node Setup (2 Nodes) in a Dual Domain organization (Academic Users separated from Administrative Users). I am attempting to use a Single SSID on my WLC for 802.1X logins and have been attempting to allow users from domain X and Domain Z to both authenticate to the SSID which will then ideally tag them with the appropriate VLAN.

 

That is the end goal for the moment but currently, I have run into the following Issue:

 

ISE Version 2.2.0.470
Patch Information None

14:32:14:652: Identity resolution detected multiple matching accounts

Error: A Duplicate User Record Was Found

 

I have a test account setup on both Domains using the same credentials. They are using different mailing addresses and have some attributes that help make them unique but ideally, I will have to come up with a solution to this while maintaining my dream of a Single 802.1X SSID for the organization.

 

Does anyone have any experiences or suggestions with how to deal with duplicate accounts across joined domains on ISE? I can provide logs and additional information as needed.

 

Thank you for taking the time to read this.

 

 

 

Labels:
0 Helpful
1 Reply 1

Rasika Nayanajith
VIP
VIP

‎07-13-2018 01:38 PM - edited ‎07-13-2018 01:40 PM

Though it is not related to your issue,I would highly recommend to apply latest patch (i think patch 9) to your ISE 2.2 environment.

 

"I have a test account setup on both Domains using the same credentials."

Do you expect this to be the case in your live setup (users will have same credentials in both domains). Typically different users will be in different groups in AD

 

Here is Cisco ISE AD Integration document that you should refer

https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_20.pdf

 

HTH

Rasika

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card