Achieving Seamless Network Authentication with Cisco ISE & AD Integration

Achieving Seamless Network Authentication with Cisco ISE & AD Integration

Cisco Identity Services Engine (ISE) is a network management tool that allows endpoint devices linked to Cisco routers and switches to create and enforce security and access restrictions.

Cisco ISE is an identity-based network access control and policy enforcement system. It functions as a single policy engine for business endpoint access control and network device management.

Cisco ISE
Fig 1.1- Cisco ISE

Active Directory account permissions necessary to accomplish different tasks, network ports that must be available for communication, and DNS server settings are all conditions for integrating AD with Cisco ISE. Lets start with AD local windows first followed by Cisco ISE setup

Related : Cisco ISE upgrades, Issues and Tips

Check also : Cisco ISE 2.0 Vs Cisco ISE 3.0

Step 1: In order to achieve Cisco ISE and Active Directory Integration, let’s establish the AD/DNS/NTP. Installing DNS and Active Directory Services

Setting up server IP Address
Fig 1.2- Setting up Server IP address

Step 2: Now its time to create your domain

Creating the local domain
Fig 1.3- Local Domain 

Step 3: Confirm the Active Directory and DNS Services are installed properly.

Fig 1.4- AD & DNS

Step 4: Setting Windows Server as NTP server and then Restart NTP services.

Enable as NTP Server
Fig 1.5- Enable as NTP Server

Cisco ISE Setup now

Step 1: Login to the Cisco ISE with your Credentials 

Cisco ISE Login
Fig 1.6- Cisco ISE Login

Step 2: Add AD domain as shown below
Administration > External Identity Sources > Active Directory > Add

Active Directory Add
Fig 1.7- Cisco ISE AD

Step 3: Its time to Submit Joined Point Name

Submit Joined domain
Fig 1.8- Cisco ISE join Point Name

Step 4: Enter AD Domain Admin credential to join ISE to Domain.

Local AD to join ISE
Fig 1.9- Local AD to join ISE

Once done, Please confirm status and you will see the node status as "Completed"

Cisco ISE supports multiple Active Directory domain joins. It can connect to several Active Directory domains that do not trust each other or have 0% trust. When Cisco ISE joins an Active Directory domain, it immediately discovers the trusted domains of the join point.