top of page
© Copyright not allowed
Search

Cisco ISE authentication method EAP (Extensible Authentication Protocol)

Writer's picture: Techclick co_inTechclick co_in
Sep 1, 20221 min read

This topic is very important if you are using ISE or preparing ISE , also for interview purpose 

There are many flavors of EAP supported by ISE, we will be covering the most commonly 

used three options.

PEAP (Protected Extensible Authentication Protocol)

• Security works much like a web site using SSL/TLS.

• Client uses the server certificate to encrypt data.

• Does not require a client certificate.

EAP-TLS (Transport Layer Security)

• Does require both server and client certificates for mutual authentication.

• E.g. The network knows it is Bob from Accounting and Bob knows he is truly attaching to the 

correct network (not a spoofed SSID).

• Considered the most secure option.

EAP-FAST (Flexible Authentication via Secure Tunneling)

• Does not require client certificates.

• Uses PAC files to create the secure tunnel.

• Can be used for Machine and User simultaneous authentication.

• Requires the Anyconnect Supplicant on the workstation

Basically we are using three method mainly in ISE, so we focused on that only.

PEAP Authentication Process --

Custom alt text

EAP-TLS Authentication Process  --



Custom alt text

EAP-FAST Authentication Process --

Custom alt text
0 views0 comments

Recent Posts

See All

WLC interview questions and answers

WLC interview questions and answers Wireless Interview Questions & Answers — Q1. What is Wi-Fi and what is WIMAX? Wi-Fi: Wireless...

0 comments

ISE BYOD: Dual vs Single SSID Onboarding

In general it is recommended to minimize number of ' SSIDs. Also, if the guest access is using hotspot access then single-SSID BYOD is...

0 comments

Unable to login on cisco ISE though GUI

We can troubleshoot the issue about Unable to login on ISE through GUI . This is a very common issue. If you are not able to login on ISE...

0 comments
bottom of page