Cisco ISE authentication method EAP (Extensible Authentication Protocol)
This topic is very important if you are using ISE or preparing for ISE, and also for interview purposes.
ISE supports many flavors of EAP; we will cover the three most commonly used options.
PEAP (Protected Extensible Authentication Protocol)
• Security works much like a web site using SSL/TLS.
• Client uses the server certificate to encrypt data.
• Does not require a client certificate.
EAP-TLS (Transport Layer Security)
• Does require both server and client certificates for mutual authentication.
• E.g. The network knows it is Bob from Accounting and Bob knows he is truly attaching to the
correct network (not a spoofed SSID).
• Considered the most secure option.
EAP-FAST (Flexible Authentication via Secure Tunneling)
• Does not require client certificates.
• Uses PAC files to create the secure tunnel.
• Can be used for Machine and User simultaneous authentication.
• Requires the AnyConnect supplicant on the workstation.
These are the three methods we mainly use in ISE, so we focus only on them.
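To check which of these three methods a client actually negotiated, the EAP Type byte in a capture can be parsed. The Python code below is an added example, not from the original post or from Cisco; it uses the IANA-assigned EAP type numbers (13 = EAP-TLS, 25 = PEAP, 43 = EAP-FAST). The function names and the sample packets are constructed for illustration.

```python
import struct

# EAP Code and method Type numbers as assigned in the IANA EAP registry.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 43: "EAP-FAST"}
# Per the lists above: only EAP-TLS requires a client certificate.
CLIENT_CERT_REQUIRED = {"EAP-TLS": True, "PEAP": False, "EAP-FAST": False}

def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not match captured bytes")
    info = {"code": EAP_CODES[code], "id": ident, "method": None, "nak_wants": []}
    if code in (1, 2):  # only Request/Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        eap_type = packet[4]
        info["method"] = EAP_TYPES.get(eap_type, f"type-{eap_type}")
        if eap_type == 3 and code == 2:  # Nak: peer lists the methods it accepts
            info["nak_wants"] = [EAP_TYPES.get(t, f"type-{t}") for t in packet[5:length]]
    return info

def negotiated_method(packets):
    """Return the last method the supplicant answered with, or None."""
    method = None
    for raw in packets:
        info = parse_eap(raw)
        if info["code"] == "Response" and info["method"] in CLIENT_CERT_REQUIRED:
            method = info["method"]  # the peer replied using this method
    return method

# Constructed sample exchange (not a real capture): the server offers PEAP,
# the supplicant Naks and asks for EAP-TLS, then the server switches to EAP-TLS.
SAMPLE = [
    bytes.fromhex("010100061920"),  # Request  id=1 type=25 (PEAP), Start flag
    bytes.fromhex("02010006030d"),  # Response id=1 type=3 (Nak), wants 13
    bytes.fromhex("010200060d20"),  # Request  id=2 type=13 (EAP-TLS), Start flag
    bytes.fromhex("020200060d00"),  # Response id=2 type=13 (EAP-TLS), payload omitted
]

if __name__ == "__main__":
    m = negotiated_method(SAMPLE)
    print(m, "client certificate required:", CLIENT_CERT_REQUIRED[m])
```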
PEAP Authentication Process --
EAP-TLS Authentication Process --