Cisco ISE authentication method EAP (Extensible Authentication Protocol)

Posted by

This topic is very important if you are using ISE or preparing ISE , also for interview purpose 

 

There are many flavors of EAP supported by ISE, we will be covering the most commonly 

used three options.

PEAP (Protected Extensible Authentication Protocol)

• Security works much like a web site using SSL/TLS.

• Client uses the server certificate to encrypt data.

• Does not require a client certificate.

EAP-TLS (Transport Layer Security)

• Does require both server and client certificates for mutual authentication.

• E.g. The network knows it is Bob from Accounting and Bob knows he is truly attaching to the 

correct network (not a spoofed SSID).

• Considered the most secure option.

EAP-FAST (Flexible Authentication via Secure Tunneling)

• Does not require client certificates.

• Uses PAC files to create the secure tunnel.

• Can be used for Machine and User simultaneous authentication.

• Requires the Anyconnect Supplicant on the workstation

Basically we are using three method mainly in ISE, so we focused on that only.

PEAP Authentication Process —

EAP-TLS Authentication Process  —



EAP-FAST Authentication Process —


[the-post-grid id=”9538″ title=””]

Visit Our Store and Buy All document (F5, Zscaler, ASA, Paloalto, Checkpoint,Forescout, Cisco ISE etc) only in  1600RS, click here on store - Store

X
error: Content is protected !!