Cisco Employee

RADIUS proxy to ISE with accounting only for SGT-IP mappings

Looking for a design validation for a customer.

Customer is using ClearPass for wireless and wants to do:

- RADIUS proxy from ClearPass to ISE but only with RADIUS accounting to extract the username. ClearPass is performing the Authentication/Authorization and these 2 are not proxied.

- ISE will then retrieve the AD groups associated to the username and use it to map an SGT.

- This SGT-IP mapping will then be sent via SXP to FMC-FTD for enforcement.

Is this a supported design? Do we use the same design criteria for scalability based on concurrent endpoints in this scenario and the same licensing consumption?

Thanks

Cisco Employee

Re: RADIUS proxy to ISE with accounting only for SGT-IP mappings

Employees are encouraged to use the internal forum for questions

Ask ISE

Please reach out to us since this is design related. It needs more information or a further discussion to understand the use case, solution options, etc.

-Krishnan