Introduction
This document describes how to integrate Cisco Identity Services Engine (ISE) with a Secure LDAP (LDAPS) server used as an external identity source. It outlines the configuration and troubleshooting steps needed to ensure seamless network authentication.
Prerequisites
Before proceeding, users should have a foundational understanding of Identity Services Engine (ISE) administration and of Active Directory and Secure Lightweight Directory Access Protocol (LDAPS).
Components Used
The configuration described in this guide is based on the following software and hardware versions:
- Cisco ISE 2.6 Patch 7
- Microsoft Windows Server 2012 R2 with Active Directory Lightweight Directory Services
- Windows 10 OS PC with native supplicant and user certificate
- Cisco Switch C3750X with 152-2.E6 image
The procedures were developed in a lab environment using default configurations. Users operating in live networks should carefully consider the potential impact of any commands.
Key Configuration Steps
- Configure LDAPS on Active Directory, including certificate installation.
- Integrate ISE with the LDAPS Server by importing certificates and configuring LDAP attributes.
- Configure the network switch for 802.1X authentication.
- Configure the endpoint for EAP-TLS authentication.
- Set up the Policy Set on ISE for authentication and authorization.
Verification
The document provides methods to verify the successful integration and authentication, including checking authentication sessions and performing test binds to the server.
Troubleshooting
Common errors encountered during the configuration process are addressed, offering guidance on resolving issues such as unsupported authentication methods and certificate validation failures.
Related Information
For further details and related configurations, refer to the following Cisco resources: