Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

ISE and no External Identity Source

I have this particular case in which I need to make authentications for users in ISE without Active Directory/LDAP etc.


I would like to have some kind of MAC to USER binding where the user would no be able to add more devices to the network. I know the eap chaining using anyconnect is a way of achieving this but then again I can only see it using AD or some kind of external database. Also printers, wireless and phones are in the map. I tried using MAB and CWA for this but do not want to have the users be able to self register their devices as if they were guests.


EAP chaining without AD??? Possible?

Any hope?

Thank you 

Everyone's tags (1)
Cisco Employee

Someone else can chime in

Someone else can chime in here but I don't think it is possible to perform EAP-Chaining with the internal database of ISE. With that being said, feel free to read the EAP-TEAP IETF doc :)


Community Member

That's what I was suspecting.

That's what I was suspecting.... shame....

And what about making an identity MAC vs User is that possible?

Cisco Employee

Sorry for the delay as I was

Sorry for the delay as I was out of town for training. Can you elaborate a bit more on what you mean by "making an identity MAC vs User?"

CreatePlease to create content