
Recommended protocol for enterprise authentication

dan.letkeman
Level 4

Hello,

I was wondering if anyone has any recommendations for authentication protocols in our scenario.

We need to be able to send user information from our ISE server to our Firepower system. In order to gather user information from domain-joined computers, enterprise-owned mobile devices, BYOD devices, and guest devices, I am thinking of using the following for the respective wireless networks:

SSID: Guest - Captive portal, self registration or predefined guest accounts

SSID: BYOD - PEAP-MSCHAPv2 with AD Authentication, Register to endpoint groups.  Users will need to be part of the correct AD group in order to login

SSID: Corporate - PEAP-MSCHAPv2

I was thinking of using PEAP-MSCHAPv2 instead of EAP-TLS (which is what we are currently using, but only for machine authentication) for corporate access because we have many shared machines. Shared machines don't have user certificates, so user authentication won't work in this scenario because I need the user certificate to do EAP-TLS and user authentication. I cannot put user certificates on the computers because there may be 100s of users that use the machine over time.

The problem with using PEAP-MSCHAPv2 for corporate access is that I am finding it difficult to find a way to keep mobile BYOD devices from connecting to the corporate SSID. Does anyone have any authentication policies that I can try in order to disable non-domain-joined devices from connecting?

Anyone have any suggestions for a better way?  

Thanks,

Dan.

1 Reply

ammahend
VIP

SSID: Corporate - PEAP-MSCHAPv2

Add a condition to the ISE policy to check if the machine belongs to the domain; if yes, then use the desired result, else deny or limited access.

**rate helpful posts**

-hope this helps-