Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ISE wired TLS with group mapping

Hi. We authenticate wired clients using EAP-TLS with Computer Certificates. This works fine so far. Now we need an authorization with LDAP and set the VLAN based on the AD Group of the Computer. Is there a way to use the CN of the Certificate and retrieve the Attributes of the Client over LDAP?

Does anybody know how this could be done?

Regards,

Urs

Everyone's tags (3)
1 REPLY

Re:ISE wired TLS with group mapping

You should be able to do this, as long as the cn name is in the corrext format which for computer certificates it ahould be fine. Setup the ldap external store, find the grouo and map that to your authz policy.


Sent from Cisco Technical Support Android App

Tarik Admani *Please rate helpful posts*
176
Views
0
Helpful
1
Replies
CreatePlease to create content