ISE AD Integration
LAB 4: ISE AD Integration
In this lab we take a deep dive into ISE AD integration.
Topology: Below is the topology to configure in the lab.
Task: Perform the tasks below, as per the above topology, to achieve ISE AD integration:
- Integrate the AD domain demo.local with the ISE engine
- Add AD groups and user attributes to Cisco ISE
- Test user authentication via any two authentication types.
- Integrate LDAP to Cisco ISE
- Test ISE so that it can pull data from your AD via LDAP.
- Modify ISE Authentication configuration to authenticate and pull data from AD server via LDAP.
- Add LDAP groups and attributes to Cisco ISE.
In Cisco ISE, navigate to Work Center | Network Access | Overview. Click Introduction and, in the right pane, click Prepare | External Identity Stores.
Now, in the left pane, click Active Directory | ADD.
Enter the following information:
- Join Point Name: Local
- Active Directory Domain: Local
Then click Submit. Once done, a popup window asks whether you want to join ISE to AD; click Yes.
In the Join Domain box, provide the AD username and password, select the Specify Organization Unit checkbox, modify the DN value to OU=ISE, OU=HCC,DC=DEMO,DC=LOCAL and click OK.
Now select the ise-1 node from the list | in the toolbar, click Run Diagnostic Tool.
Now match the names as shown in the figure below and click Run Test Now. You will see that all test results are successful; compare your output with the figure below.
Now we will add the AD attributes to the ISE engine.
In the left pane, click demo.local under Active Directory | click ADD | choose Select Groups from Directory.
Enter demo.local under Domain, set Type Filter to ALL and click Retrieve Groups.
Now change the type to GLOBAL and click Retrieve Groups again.
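The join step and the GLOBAL group retrieval above can be cross-checked from the AD side before or after working in the ISE GUI. The script below is an added example, not part of the original lab: it confirms that the OU from the join DN exists, that domain controllers are discoverable in DNS, and lists the global-scope groups to compare with what ISE retrieves. It assumes a domain-joined Windows host with the RSAT ActiveDirectory module, that the ISE GLOBAL filter corresponds to AD group scope, and a hypothetical helper New-CheckResult.

```powershell
# Added example: pre-flight checks for the lab's join and group-retrieval steps.
# Assumes a domain-joined Windows host with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$Domain = 'demo.local'                       # domain from the lab
$JoinOu = 'OU=ISE,OU=HCC,DC=DEMO,DC=LOCAL'   # DN from the join step, spaces removed

function New-CheckResult {   # hypothetical helper, not an ISE or AD cmdlet
    param([string]$Check, [bool]$Passed, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

$results = @()

# 1. The OU named in the join DN must resolve exactly as typed.
try {
    $ou = Get-ADOrganizationalUnit -Identity $JoinOu -Server $Domain -ErrorAction Stop
    $results += New-CheckResult 'Join OU exists' $true $ou.DistinguishedName
} catch {
    $results += New-CheckResult 'Join OU exists' $false $_.Exception.Message
}

# 2. Domain controllers must be discoverable through the DC locator SRV record.
try {
    $dcs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object NameTarget | Select-Object -ExpandProperty NameTarget)
    $results += New-CheckResult 'DC SRV records resolve' ($dcs.Count -gt 0) ($dcs -join ', ')
} catch {
    $results += New-CheckResult 'DC SRV records resolve' $false $_.Exception.Message
}

# 3. AD-side list to compare with Retrieve Groups when the type is GLOBAL
#    (assumption: the ISE filter maps to AD group scope).
try {
    $groups = @(Get-ADGroup -Filter "GroupScope -eq 'Global'" -Server $Domain -ErrorAction Stop)
    $results += New-CheckResult 'Global groups readable' ($groups.Count -gt 0) "$($groups.Count) groups"
    $groups | Sort-Object Name | Select-Object Name, GroupCategory, DistinguishedName | Format-Table -AutoSize
} catch {
    $results += New-CheckResult 'Global groups readable' $false $_.Exception.Message
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

The DNS check only reflects what ISE will see if the ISE node uses the same DNS servers as the host running the script.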