https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3715526#M507489 <P>Hi Chris,</P> <P>Add Bluecoat Proxy under Radius Vendor in ISE Dictionary with vendor id&nbsp;14501</P> <P>Under dictionary attribute add 2 new attribute with</P> <P>Attribute Name :&nbsp;Blue-Coat-Authorization</P> <P>Data Type:&nbsp;UINT32</P> <P>Direction: Both</P> <P>ID: 2</P> <P>Another attribute with <SPAN>Attribute Name</SPAN>:&nbsp;Blue-Coat-Group</P> <P>Data Type:&nbsp;UINT32</P> <P>Direction: Both</P> <P>ID: 1</P> <P>&nbsp;</P> <P>Under Authorization profile,use network device profile as Bluecoat,then in Advance attribute call the above 2 attributes as:</P> <P>Blue-Coat-Authorization = 2<BR />Blue-Coat-Group = 2&nbsp;</P> Sat, 29 Sep 2018 15:50:19 GMT Aravind Ravichandran 2018-09-29T15:50:19Z https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3710229#M507487 <P>Hi experts,</P> <P>&nbsp;</P> <P>my customer needs to migrate from acs to ise. this will be for administration access of their devices. they have non-cisco devices and 1 of them is bluecoat proxy. i have tried to configure the way i think it will work but unfortunately no luck. so far below are what have i done:</P> <P>&nbsp;</P> <P>1. added bluecoat vendor id(14501) on ise dictionary</P> <P>2.&nbsp; added attribute for admin access. admin access id = 2</P> <P>3. added attribute for read only access. read only = 1</P> <P>4. created device profile for bluecoat. using the newly added radius attribute</P> <P>5. created a policy with the result of "administrative" for admin access. and "login" for read only access.&nbsp;</P> <P>&nbsp;</P> <P>during testing authentication is successful but doesnt go thru to proxy gui access. the device is re-prompting to username and password window.&nbsp;</P> <P>&nbsp;</P> <P>anybody have tried this setup ? or maybe can point me to a good document. thanks in advance.</P> <P>&nbsp;</P> <P>regards,</P> <P>chris&nbsp;</P> Thu, 20 Sep 2018 08:29:38 GMT https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3710229#M507487 Meuserid1979 2018-09-20T08:29:38Z https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3715526#M507489 <P>Hi Chris,</P> <P>Add Bluecoat Proxy under Radius Vendor in ISE Dictionary with vendor id&nbsp;14501</P> <P>Under dictionary attribute add 2 new attribute with</P> <P>Attribute Name :&nbsp;Blue-Coat-Authorization</P> <P>Data Type:&nbsp;UINT32</P> <P>Direction: Both</P> <P>ID: 2</P> <P>Another attribute with <SPAN>Attribute Name</SPAN>:&nbsp;Blue-Coat-Group</P> <P>Data Type:&nbsp;UINT32</P> <P>Direction: Both</P> <P>ID: 1</P> <P>&nbsp;</P> <P>Under Authorization profile,use network device profile as Bluecoat,then in Advance attribute call the above 2 attributes as:</P> <P>Blue-Coat-Authorization = 2<BR />Blue-Coat-Group = 2&nbsp;</P> Sat, 29 Sep 2018 15:50:19 GMT https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3715526#M507489 Aravind Ravichandran 2018-09-29T15:50:19Z https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3720725#M507491 <P>Hi,</P> <P>&nbsp;</P> <P>thanks for the reply. I have tried what you have suggested but sorry to say that it doesn't work. im talking to cisco tac about it. thanks</P> <P>&nbsp;</P> <P>regards,</P> <P>Chris</P> Mon, 08 Oct 2018 02:44:18 GMT https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3720725#M507491 Meuserid1979 2018-10-08T02:44:18Z https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3867062#M507492 <P>I see that there has not been anything posted as to a resolution on this. I have tried the same process and found it to not work as expected.</P><P>&nbsp;</P><P>Can someone that has been able to verify a working configuration please respond.</P><P>&nbsp;</P><P>Thank you,</P> Mon, 03 Jun 2019 21:06:00 GMT https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3867062#M507492 scottbushey 2019-06-03T21:06:00Z https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3867083#M507494 <P>Hello <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>on the authorization profile how did you create it and what was the response from ISE, kindly note i don't have a verified test</P> <P>&nbsp;</P> <P>however will help you here to have the profile as per this</P> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">VENDOR BlueCoat 14501</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">&nbsp;</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">BEGIN-VENDOR BlueCoat</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">&nbsp;</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">ATTRIBUTE Blue-Coat-Group 1 string</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line"># Accepts multiple groups as comma-separated list.</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">&nbsp;</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">ATTRIBUTE Blue-Coat-Authorization 2 integer</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">&nbsp;</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">VALUE Blue-Coat-Authorization No-Access 0</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">VALUE Blue-Coat-Authorization Read-Only-Access 1</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">VALUE Blue-Coat-Authorization Read-Write-Access 2</TD> </TR> </TBODY> </TABLE> <TABLE class="highlight tab-size js-file-line-container" data-tab-size="8"> <TBODY> <TR> <TD class="blob-code blob-code-inner js-file-line">&nbsp;</TD> </TR> </TBODY> </TABLE> <P>END-VENDOR BlueCoat</P> <P>&nbsp;</P> <P>in some of the answers i am seeing a respond for group with integer which is not correct since in group we should send group name,</P> <P>&nbsp;</P> <P>based on your explanation you are only pushing read only or read-write which is identified as integer</P> <P>1 for read</P> <P>2 for read write</P> <P>&nbsp;</P> <P>can you please double check the dictionary</P> <P>then make sure your authorization profile pushing something like this.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Access Type = ACCESS_ACCEPT<BR />Blue-Coat-Authorization = 2&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>let me know how it goes</P> <P>&nbsp;</P> <P>Wishes,</P> <P>&nbsp;</P> Mon, 03 Jun 2019 21:47:33 GMT https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3867083#M507494 yalbikaw 2019-06-03T21:47:33Z https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3869812#M507495 <P>Hi,</P><P>for bluecoat admin access "result":</P><P>under "Advanced attributes settings" choose:</P><P>Radius:Service-Type = Administrative</P><P>&nbsp;</P><P>this will give attribute details as:</P><P>access type = ACCESS_ACCEPT</P><P>service-type = 5</P><P>&nbsp;</P><P>for bluecoat read-only&nbsp;access "result":</P><P>under "Advanced attributes settings" choose:</P><P>Radius:Service-Type = Login</P><P>&nbsp;</P><P>this will give attribute details as:</P><P>access type = ACCESS_ACCEPT</P><P>service-type = 1</P><P>&nbsp;</P><P>i believe on bluecoat side you also need to do some configurations unfortunately i cant remember what and where it should be configured.&nbsp; &nbsp;</P><P>&nbsp;</P><P>hope this helps.</P><P>&nbsp;</P> Sat, 08 Jun 2019 09:27:36 GMT https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3869812#M507495 Meuserid1979 2019-06-08T09:27:36Z https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3869813#M507499 p.s. that usnig the built-in ietf radius attributes Sat, 08 Jun 2019 09:28:35 GMT https://community.cisco.com/t5/network-access-control/bluecoat-proxy-ssg-300-25-administration-access-using-ise/m-p/3869813#M507499 Meuserid1979 2019-06-08T09:28:35Z