Join ISE 1.3 to AD

REQUIREMENT:

1. Point ISE's NTP at the AD domain controller (or at the same NTP source the domain controllers use)
2. Make sure both use the same time zone and that their clocks differ by no more than 5 minutes; that is the default Kerberos clock-skew tolerance, and a larger skew makes the join and later AD lookups fail
You can check and set the time zone from the ISE CLI (clock timezone command reference):
http://www.cisco.com/c/en/us/td/docs/security/ise/1-0/cli_ref_guide/ise10_cli/ise10_cli_app_a.html#wp1571855
ISE#show clock
Tue Mar 24 04:59:01 UTC 2015
ise/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# clock timezone Asia/Jakarta
% On ISE distributed deployments, it is recommended all nodes be
% configured with the same time zone.
Continue with time zone change? Y/N [N]: y
System timezone was modified. You must restart ISE for change to take effect.
Do you want to restart ISE now? (yes/no) yes
STEPS:

1. Create a user in AD
First name: svc
Last name: ise
Account: svcise
Member of: Domain Users
2. Add AD
-login to ISE web GUI
-go to Administration/Identity Management/External Identity Sources/Active Directory
-click Add
-Connection
Join Point Name: ADInternal
Active Directory Domain: poc.com
click Submit
-Would you like to Join all ISE Nodes to this Active Directory Domain?
click Yes
-Join Domain
AD User Name: svcise
Password:
 NOTE: a plain Domain User such as svcise is enough to join ISE to AD (by default AD lets any authenticated user create up to 10 computer accounts, controlled by the domain's ms-DS-MachineAccountQuota attribute), but it cannot disjoin ISE from AD.
To leave the domain you need to key in an account with rights to delete the ISE computer object, e.g. a Domain Admin, or first delegate that right on the ISE computer object to the service account.
-Verify user connection
In Administration/Identity Management/External Identity Sources/Active Directory/ADInternal (the join point name used above)
tick ise.poc.com
click Test User
-Verify in AD, ISE computer already in ADUC
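The AD side of the steps above (create the service account, confirm why a plain Domain User is allowed to join, check time sync, and verify the ISE computer account) can be done and checked from PowerShell on a domain controller or a host with RSAT. This is an added example, not part of the original post or of Cisco's documentation; it uses the names from the post (poc.com, svcise, ise.poc.com), and the delegation in the last step is an assumption about what a later leave/disjoin needs (delete rights on the computer object) rather than something the post describes.

```powershell
# Added example (not from the original post). Run on a DC or a host with RSAT (ActiveDirectory module).
# Names from the post: domain poc.com, service account svcise, ISE node ise.poc.com.
Import-Module ActiveDirectory

$domain  = 'poc.com'
$svcName = 'svcise'
$iseNode = 'ise'            # computer name ISE registers (ise.poc.com in the post)

$root = Get-ADDomain -Identity $domain

# 1. Create the join/lookup account as a plain Domain User with no extra group membership.
#    The password is read interactively so it never lands in a script file or shell history.
$pw = Read-Host -AsSecureString "Password for $svcName"
New-ADUser -Name $svcName -GivenName 'svc' -Surname 'ise' -SamAccountName $svcName `
    -UserPrincipalName "$svcName@$domain" -AccountPassword $pw -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true

# 2. Why a Domain User can join: by default any authenticated user may create up to
#    ms-DS-MachineAccountQuota (10) computer objects. If an admin has set it to 0, the join
#    with svcise will fail and the account needs delegated "Create Computer objects" rights.
$quota = Get-ADObject -Identity $root.DistinguishedName -Properties 'ms-DS-MachineAccountQuota'
"ms-DS-MachineAccountQuota = $($quota.'ms-DS-MachineAccountQuota')"

# 3. Time: Kerberos rejects requests when clocks differ by more than 5 minutes (default).
#    Show this DC's time source and sync status so ISE can be pointed at the same source.
w32tm /query /source
w32tm /query /status

# 4. After the join, the same check as ADUC: the ISE computer object exists and is enabled.
#    mS-DS-CreatorSID shows which (non-admin) account created it, i.e. svcise.
Get-ADComputer -Identity $iseNode -Properties Created, OperatingSystem, 'mS-DS-CreatorSID' |
    Select-Object Name, DNSHostName, Enabled, Created, OperatingSystem,
        @{ n = 'CreatedBy'; e = { (New-Object System.Security.Principal.SecurityIdentifier(
            $_.'mS-DS-CreatorSID', 0)).Translate([System.Security.Principal.NTAccount]) } }

# 5. Assumption: leaving the domain removes the computer object, which needs Delete on it.
#    Grant that single right to svcise on the ISE object instead of typing a Domain Admin
#    password into ISE later. dsacls: /G <trustee>:<rights>, SD = delete this object.
$computerDN = (Get-ADComputer -Identity $iseNode).DistinguishedName
dsacls $computerDN /G "$($root.NetBIOSName)\$svcName`:SD"
```

Step 4 is the scripted equivalent of the ADUC check in the post; step 5 only matters if you want the join and the later leave to use the same low-privilege account. Run steps 1 to 3 before the join in the ISE GUI and steps 4 and 5 after it.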
-Create a new Identity Source Sequence
The sequence makes ISE look the user up in AD first and fall back to the ISE internal user store only when the user is not found in AD; a wrong AD password is a failed authentication, not a fallback to the next store. (An AD that cannot be reached is handled by the sequence's advanced option, which either fails the authentication or treats the user as not found and moves on.) Name the sequence ADSequence, with the ADInternal join point first and Internal Users second.
go to Administration/Identity Management/Identity Source Sequences
click Add
-Change default dot1x authentication
go to Policy/Authentication/Dot1X
click Edit
Change All_User_ID_stores to ADSequence
click Save
I will update this later after I configure switch integration with ISE and test from the user side.