Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1458
Views
0
Helpful
4
Replies

Cisco ISE with both internal and External RADIUS Server

nicanor00
Level 1
Level 1

‎09-19-2014 04:17 AM - edited ‎03-12-2019 05:43 PM

Hi

I have ISE 1.2 , I configured it as management monitor and PSN and it work fine

I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultanously

So some computer (groupe_A in active directory ) will continu to made radius authentication on the ISE internal radius and other computer (groupe_B in active directory) will made radius authentication on an external radius server

I will like to know if it is possible to configure it and how I can do it ?

Thanks in advance for your help

Regards

Blaise

 

Labels:
0 Helpful
4 Replies 4

Saurav Lodh
Level 7
Level 7

‎09-19-2014 06:51 PM

Cisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.

Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.

The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same.

0 Helpful

nicanor00
Level 1
Level 1
In response to Saurav Lodh

‎09-20-2014 01:08 AM

Hi and Thanks for your answer

Please where can I found any document that can help to configure it ?

Regards

 

0 Helpful

nicanor00
Level 1
Level 1
In response to nicanor00

‎09-26-2014 02:23 AM

Please I need help to configure it

some body can help with documentation !!

Thanks in advance

0 Helpful

jan.nielsen
Level 7
Level 7
In response to nicanor00

‎09-26-2014 03:59 AM

If you just search for ise radius proxy, this will turn up;

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_auth_pol.html#pgfId-1284748

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents