Cisco ISE authentication method EAP (Extensible Authentication Protocol)

Sep 2, 20221 min read

Updated: Jan 21

This topic is very important if you are using ISE or preparing ISE , also for interview purpose

There are many flavors of EAP supported by ISE, we will be covering the most commonly

used three options.

PEAP (Protected Extensible Authentication Protocol)

• Security works much like a web site using SSL/TLS.

• Client uses the server certificate to encrypt data.

• Does not require a client certificate.

EAP-TLS (Transport Layer Security)

• Does require both server and client certificates for mutual authentication.

• E.g. The network knows it is Bob from Accounting and Bob knows he is truly attaching to the correct network (not a spoofed SSID).

• Considered the most secure option.

EAP-FAST (Flexible Authentication via Secure Tunneling)

• Does not require client certificates.

• Uses PAC files to create the secure tunnel.

• Can be used for Machine and User simultaneous authentication.

• Requires the Anyconnect Supplicant on the workstation

Basically we are using three method mainly in ISE, so we focused on that only.

PEAP Authentication Process --

EAP-TLS Authentication Process --

EAP-FAST Authentication Process --

Recent Posts

See All

ISE BYOD: Dual vs Single SSID Onboarding

In general it is recommended to minimize number of ' SSIDs. Also, if the guest access is using hotspot access then single-SSID BYOD is...

Unable to login on cisco ISE though GUI

We can troubleshoot the issue about Unable to login on ISE through GUI . This is a very common issue. If you are not able to login on ISE...

Cisco ise lab free provided by cisco

Cisco ISE lab free online -- Now you can get Cisco ISE lab free that's provided by Cisco - step 1- login into the below URL also make...

All Posts 296 postsNo categories yet.
Network security 16 postsNo categories yet.
Interview questions and answer 7 postsNo categories yet.
Uncategorised 3 postsNo categories yet.
desktop support 11 postsNo categories yet.
interview question and answer 8 postsNo categories yet.
access list 3 postsNo categories yet.
ccna 6 postsNo categories yet.
cisco packet tracker 1 postNo categories yet.
network engineer 10 postsNo categories yet.
Fortigate 8 postsNo categories yet.
Network security 8 postsNo categories yet.
Interview questions and answer 3 postsNo categories yet.
Uncategorised 4 postsNo categories yet.
access list 0 postsNo categories yet.
ccna 5 postsNo categories yet.
cisco packet tracker 1 postNo categories yet.
desktop support 5 postsNo categories yet.
interview question and answer 10 postsNo categories yet.
network engineer 8 postsNo categories yet.
Fortigate 3 postsNo categories yet.
Paloalto 23 postsNo categories yet.
Checkpoint 8 postsNo categories yet.
Cisco ise 14 postsNo categories yet.
Zscaler 20 postsNo categories yet.
F5 19 postsNo categories yet.
Azure 2 postsNo categories yet.
wireless 1 postNo categories yet.
VPN 4 postsNo categories yet.
Linux 4 postsNo categories yet.
Windows Automation 1 postNo categories yet.
Gmail 0 postsNo categories yet.
ASA 1 postNo categories yet.
Cisco 3 postsNo categories yet.
wifi 1 postNo categories yet.
Fortigate web 1 postNo categories yet.
Barracuda WAF 1 postNo categories yet.
Service Desk 1 postNo categories yet.
Soc 2 postsNo categories yet.
Cyberark 1 postNo categories yet.
Wireshark 1 postNo categories yet.
Cheatsheet 1 postNo categories yet.
bgp 1 postNo categories yet.
Privilege 1 postNo categories yet.
anyconnect 1 postNo categories yet.
proofpoint 1 postNo categories yet.
AWS 2 postsNo categories yet.
Forescout 7 postsNo categories yet.
Proofpoint 1 postNo categories yet.
Prisma 2 postsNo categories yet.

Where Networking Meets Insight

Cisco ISE authentication method EAP (Extensible Authentication Protocol)

Recent Posts

TAgs

Categorys