Cisco Support Community

ISE with multiple AD

Dear Friends,

I heard that we can integrate only one AD with ISE. But what if I need to integrate multiple ADs to ISE?

I also learned that we can integrate multiple LDAP instances to ISE. So can I use this option for my situation?

thanks in advance

- Rajiv


Accepted Solutions
Cisco Employee

ISE with multiple AD

That is correct! Cisco ISE supports integration with a single Active Directory identity source. Cisco ISE uses this Active Directory identity source to join itself to an Active Directory domain. If this Active Directory source has a multidomain forest, trust relationships must exist between its domain and the other domains in order for Cisco ISE to retrieve information from all domains within the forest.

However, you may create multiple instances for LDAP. Cisco ISE can communicate via LDAP to Active Directory servers in an untrusted domain. The only limitation you would see with LDAP being a database is that it doesn't support PEAP MSCHAPv2 (native Microsoft supplicant). However, it does support EAP-TLS.

For more information you may go through the below listed link

http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_45_multiple_active_directories.pdf

~BR
Jatin Katyal

**Do rate helpful posts**

New Member

Re: ISE with multiple AD

Till now ISE supports only one AD:

Multiple AD will be supported in the ISE 1.3 release, which will be released in the first quarter of 2014.

Review the attached.

4 REPLIES

ISE with multiple AD

Yes and yes.

Thanks

Chris

Re: ISE with multiple AD

So I guess I have to go with LDAP with EAP-TLS for multiple domains.

Thanks Jatin and Manjeet.


Sent from Cisco Technical Support iPad App
