New Member

WLC AAA RADIUS to ISE - Multiple Domains in Single Forest

I am currently having a problem configuring AAA for management access to our wireless controllers.

Our Active Directory structure is as below (note: all domains are part of the same forest, with full trusts between the domains):

Root Domain

Americas domain                UK Domain              EU Domain            APAC Domain

Because of the multiple domains that exist, when admins log in they need to use their full UPN (username@ukdomain.com), since just using username will only authenticate against the Root Domain and there may be duplicate usernames between the domains.

I can't even see the RADIUS request hitting ISE, and I found out that this is due to a 24-character limit on the username field on the WLCs.

I don't have this issue with other IOS-based devices.

I could just create some admin accounts in the root domain but the problem is that lobbyadmin staff also needs to authenticate and they will run into the same issue.

Don't know if someone has any suggestions for a possible workaround?

 

2 REPLIES
Cisco Employee

https://supportforums.cisco.com/discussion/11598776/multiple-domains-authentication-cisco-ise

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_45_multiple_active_directories.pdf
