WLC AAA Radius to ISE - Multiple Domains in Single Forest
I am currently having a problem configuring AAA for management access to our wireless controllers.
Our Active Directory structure is as below (note: all domains are part of the same forest, with full trusts between the domains):
Americas Domain, UK Domain, EU Domain, APAC Domain
Because of the multiple domains that exist, when admins log in they need to use their full UPN (firstname.lastname@example.org), since just using the username will only authenticate against the Root Domain and there may be duplicate usernames between the domains.
I can't even see the RADIUS request hitting ISE, and I found out that this is due to a 24-character limit on the username field on the WLCs.
I don't have this issue with other IOS-based devices.
I could just create some admin accounts in the root domain, but the problem is that lobbyadmin staff also need to authenticate and they will run into the same issue.
Does anyone have any suggestions for a possible workaround?