Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ISE 1.1.1 External RADIUS Proxy

Hello,

I am looking to port legacy ACS 4.2 "proxy distribution tables" to ISE 1.1.1 and I am currently a little at a loss where to start.   I know I have to add the External RADIUS Server, Configure a RADIUS Server Sequence that will skip local authentications then send to the External RADIUS server.  How do I match this authentication and how do I match it to an authorization rule?   Is this the Network Access:Use Case equals proxy?   There is no documentation on this, so any insights are greatly appreciated.

5 REPLIES

Cisco ISE 1.1.1 External RADIUS Proxy

Hi,

You have to create a new authentication rule and instead of expecting the result to be radius proxy, it appears when you set the "allow protocols" condition of the rule.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Re: Cisco ISE 1.1.1 External RADIUS Proxy

Thank you,

I duplicated the Dot1x Authentication Rule, and changed allowed protocols to "RADIUS Server Sequence : MySequence"

In the RADIUS Server Sequence under the advanced tab I have it set to "Continue to Authorization Policy'.

Which Authorization rule would match?

Network Access:RADIUS Server Sequence EQUAL MySequence

OR

Network Access:UseCase EQUALS Proxy

OR

None of the above?

Thanks

Cisco ISE 1.1.1 External RADIUS Proxy

Hi,

Can you post the screenshot?

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Re: Cisco ISE 1.1.1 External RADIUS Proxy

RADIUS Sequence Continue to Authorization

     

Authorization Rules to Match Proxy

Re: Cisco ISE 1.1.1 External RADIUS Proxy

My assumption is that the top rule would match since both attributes should be processed during the authentication attempt.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
686
Views
0
Helpful
5
Replies
CreatePlease login to create content