Header Ads

Recently post

Cisco ISE authentication method EAP (Extensible Authentication Protocol)

This topic is very important if you are using ISE or preparing ISE , also for interview purpose 

 

There are many flavors of EAP supported by ISE, we will be covering the most commonly 

used three options.

PEAP (Protected Extensible Authentication Protocol)

• Security works much like a web site using SSL/TLS.

• Client uses the server certificate to encrypt data.

• Does not require a client certificate.


EAP-TLS (Transport Layer Security)

• Does require both server and client certificates for mutual authentication.

• E.g. The network knows it is Bob from Accounting and Bob knows he is truly attaching to the 

correct network (not a spoofed SSID).

• Considered the most secure option.


EAP-FAST (Flexible Authentication via Secure Tunneling)

• Does not require client certificates.

• Uses PAC files to create the secure tunnel.

• Can be used for Machine and User simultaneous authentication.

• Requires the Anyconnect Supplicant on the workstation


Basically we are using three method mainly in ISE, so we focused on that only.


PEAP Authentication Process --









EAP-TLS Authentication Process  --



EAP-FAST Authentication Process --




No comments