https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083406#M146557 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Can you please post a screenshot of the authentication policy and the attributes from the monitoring report?</P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Fri, 14 Dec 2012 04:49:25 GMT Tarik Admani 2012-12-14T04:49:25Z https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083405#M146556 <P>Hi All,<BR />I would like to authenticate client by using External RADIUS. Once I create authentication policy using the new compound condition (wireless dot1x + Radius Username Matches "domainB\") I would like to forward the user authentication who make an authen using domainB\username to the External RADIUS Server Sequence. But when I check on the authentication dashboard, it still authenticate using the default authentication rule.<BR /><BR />Please suggest about this scenario.<BR /><BR />Regards,<BR /><BR />Sent from Cisco Technical Support Android App</P> Mon, 11 Mar 2019 02:53:13 GMT https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083405#M146556 Pongsatorn Maneesud 2019-03-11T02:53:13Z https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083406#M146557 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Can you please post a screenshot of the authentication policy and the attributes from the monitoring report?</P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Fri, 14 Dec 2012 04:49:25 GMT https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083406#M146557 Tarik Admani 2012-12-14T04:49:25Z https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083407#M146558 <HTML><HEAD></HEAD><BODY><P>Hi, Tarik,</P><P></P><P>Please see screenshots of the authentication policy I have created.</P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/8/5/7/118758-Screen%20Shot%202555-12-17%20at%2012.09.34%20PM.png" class="jive-image" /></P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/2/7/7/118772-Screen%20Shot%202555-12-17%20at%2012.13.38%20PM.png" class="jive-image" /></P><P>Thanks,</P><P>Pongsatorn</P></BODY></HTML> Mon, 17 Dec 2012 05:22:22 GMT https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083407#M146558 Pongsatorn Maneesud 2012-12-17T05:22:22Z https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083408#M146559 <HTML><HEAD></HEAD><BODY><P>Can you please also share a copy of the authentication details for requests that do not match as expected.</P><P></P><P>This should also giev soem additional information</P></BODY></HTML> Mon, 17 Dec 2012 12:59:06 GMT https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083408#M146559 jrabinow 2012-12-17T12:59:06Z https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083409#M146560 <HTML><HEAD></HEAD><BODY><P>Hi jrabinow,</P><P></P><P>Which details you would like to see ? </P><P></P><P>Here is some infos.</P><P></P><P>ISEs are deployed in 2 domains such as "acme.com" and "sub.acme.com"</P><P>Each domain does not make a trusted relationship so these 2 domains cannot communicate between them.</P><P>Each domain has owned Enterprise Root CA (Microsoft)</P><P>Client who need to access the network need to authenticate with EAP-TLS.</P><P></P><P>My environment</P><P>My ISE node joined into domain "acme.com"</P><P><SPAN>User will be "</SPAN><A class="jive-link-email-small" href="mailto:name1@acme.com">name1@acme.com</A><SPAN>"</SPAN></P><P><SPAN>Once the user from "</SPAN><A class="jive-link-email-small" href="mailto:name2@sub.acme.com">name2@sub.acme.com</A><SPAN>" try to authenticate, I would like to forward the RADIUS request from ISEs (acme.com) to other ISEs (sub.acme.com)</SPAN></P><P>After ISEs in "sub.acme.com" return RADIUS-ACCEPT then ISEs in "acme.com" will process an authorization policy.</P><P></P><P>Regards,</P><P>Pongsatorn</P></BODY></HTML> Tue, 18 Dec 2012 04:28:13 GMT https://community.cisco.com/t5/network-access-control/authentication-policy-ise-with-external-radius-server/m-p/2083409#M146560 Pongsatorn Maneesud 2012-12-18T04:28:13Z