Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
0
Helpful
1
Replies

ISE vlan check in authorization policy

Not applicable

‎06-21-2017 11:37 AM - last edited on ‎03-11-2019 12:48 AM by

I am attempting to create an ISE V2.1 authorization policy based on the switchport access VLAN assignment.  I have read in some documents that the Radius AV pairs that might apply are:

cisco-avpair="tunnel-type(#64)=VLAN(13)"

cisco-avpair="tunnel-medium-type(#65)=802 media(6)"

cisco-avpair="tunnel-private-group-ID(#81)=2" (2 is my vlan id)

The policy I have tried which is not working consists of the 3 statements in an "AND condition."

radius:tunnel-type = VLAN   

radius:tunnel-private-group-ID = 270 <--------  "switchport access vlan 270"

radius:tunnel-medium-type = 802

I have also tried just the private-group-ID = 270  by itself and no luck on that either.

Any help is most appreciated.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

msp88siew
Level 1
Level 1

‎03-30-2018 10:06 PM

Have you able to make it work for CISCO ISE to check the switchport access vlan id?
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents