Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Process Host Lookup in ISE

What is meant by "Process Host Lookup " in Allowed Protocol Service in cisco ISE? I am new to ISE and trying to understand authentication policies.

This is the link I was referencing:



Everyone's tags (1)

Process Host Lookup in ISE


MAB is PAP...or you can optimize

RADIUS Access-Request

MAB as PAP · works with any RADIUS server ·  password = username Differentiates MAB Request MAB as "Host Lookup" ·  ACS/ISE optimization · no need for fake passwords

Cisco Employee

Process Host Lookup in ISE

Hi Kashish,

Process Host Lookup, this option suggest the radius server to check  Service-Type Call Check attribute in the radius access-request.

When the Process Host Lookup option is checked, ACS uses the System UserName attribute that was copied from the RADIUS User-Name attribute. When the Process Host Lookup option is not checked, ACS ignores the HostLookup field and uses the original value of the System UserName attribute for authentication and authorization. The request processing continues according to the message protocol; for example, according to the RADIUS User-Name and User-Password attributes for PAP.

When radius identifies a network access request with the call check attribute as Host Lookup (RADIUS::ServiceType = 10), radiussnauthenticates (validates) and authorizes the host by looking up the value in the Calling-Station-ID attribute (for example, the MAC address) in the configured identity store according to the authentication policy.

Jatin Katyal
- Do rate helpful posts -

~BR Jatin Katyal **Do rate helpful posts**
CreatePlease login to create content