I'm having a look at the RADIUS OUTBOUND Attributes Injection feature for the External Proxy service in ACS version 18.104.22.168.
The use case is:
ACS uses the External Proxy service to authenticate wireless users with certain domain suffixes
Sometimes the username Access-Accept comes back with the domain suffix stripped.
The result of this is:
ACS logs a successful authentication with the sent username (with suffix)
ACS sends the Access-Accept to the WLC and the user is listed on the WLC (without suffix)
Subsequent accounting packets for the user appear in ACS (without suffix)
In the past I've used a freeradius proxy server between ACS and the external proxy to 'rewrite' the username in the Access-Accept so that it matches the username origianlly sent in the Access-Request. The code for this looked something like the following.
I'm looking to do the above solely with ACS but I can't see the Radius-ietf username attribute listed under the RADIUS OUTBOUND Attributes Injection feature. Is it possible to rewrite the username attribute in ACS 5.5?
Don't think this can be done in ACS 5.5 when using an External Proxy Service Type.
Interestingly, it appears to be possible with a Network Access Service Type. Under Allowed Protocols there is a tick box for Send as User-Name in RADIUS Access-Accept - one of the options is RADIUS Access-Request User-Name. Hopefully this will be implemented in a future release for External Proxy.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :