Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
5
Helpful
3
Replies

ISE and no External Identity Source

ahurtadove
Level 1
Level 1

‎07-02-2014 02:06 PM - edited ‎03-10-2019 09:50 PM

I have this particular case in which I need to make authentications for users in ISE without Active Directory/LDAP etc.

 

I would like to have some kind of MAC to USER binding where the user would no be able to add more devices to the network. I know the eap chaining using anyconnect is a way of achieving this but then again I can only see it using AD or some kind of external database. Also printers, wireless and phones are in the map. I tried using MAB and CWA for this but do not want to have the users be able to self register their devices as if they were guests.

 

EAP chaining without AD??? Possible?

Any hope?

Thank you 

Labels:
0 Helpful
3 Replies 3

nspasov
Cisco Employee
Cisco Employee

‎07-02-2014 03:55 PM

Someone else can chime in here but I don't think it is possible to perform EAP-Chaining with the internal database of ISE. With that being said, feel free to read the EAP-TEAP IETF doc :)

http://tools.ietf.org/html/draft-ietf-emu-eap-tunnel-method-01

 

ahurtadove
Level 1
Level 1
In response to nspasov

‎07-02-2014 06:02 PM

That's what I was suspecting.... shame....

And what about making an identity MAC vs User is that possible?

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to ahurtadove

‎07-10-2014 10:35 PM

Sorry for the delay as I was out of town for training. Can you elaborate a bit more on what you mean by "making an identity MAC vs User?"

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents