Integrate Juniper Mist™ with Cisco® ISE for EAP

SUMMARY Follow this procedure to integrate Juniper Mist™ with Cisco® ISE for EAP for secure user authentication.

You can integrate Juniper Mist™ with Cisco® Identity Services Engine (ISE) to leverage Extensible Authentication Protocol (EAP). This protocol provides a secure way for wireless networks to send identification information for network authentication purposes.

To integrate Juniper Mist with Cisco ISE:

In the Juniper Mist portal, navigate to the WLAN or create a new one.

Note:
For help, see Configure a WLAN Template or Adding a WLAN.
For Security Type, select WPA2 and Enterprise (802.1X).
In the Authentication Servers section, click Add the RADIUS Server, and then enter in the IP Address (Hostname), Port, and Shared Secret of the ISE server. Click the checkmark near the top right corner of the section to save the changes.
If you need to enable dynamic VLANs:
Note:
- Named VLAN—This option supports Airespace-Interface-Name or Tunnel-Private-Group-ID RADIUS attributes and can be specified as a single VLAN, a pool of VLANs, or as variables.
- VLAN ID—This option supports Tunnel-Private-Group-ID RADIUS Attributes and can be specified as a single VLAN, VLAN range, or as variables.
Save the WLAN settings.

Note:
If the WLAN is in a WLAN template, ensure that you've applied the template to the desired site(s).
Look up the IP address of the AP that you want to integrate with Cisco ISE:
1. On the left menu of the Juniper Mist™ portal, select Access Points (APs).
2. Select the AP, then scroll down to the Status section to obtain the AP's IP Address to be used in the Identity Services Engine (ISE).
Go to your admin portal for Cisco ISE, add a network device, and enter this information:
- Name—The name of the AP
- IP Address—The IP address of the AP
- Shared Secret—The RADIUS Shared Secret
Note:
For help adding a device in Cisco ISE, go to the Cisco support site: Adding and Editing Devices