Solved: Assign an IP from ISE for every User

martucci · ‎03-23-2017

Hello,

a customer would like to do in ISE as it was possible in ACS where you could have a local account with an IP address associated to it.

In our case the user is a Remote Access user.

The accounts would be local to ISE (not AD) and could be more than 1000, so we cannot do it with a different rule for each user relying on different group policy on ASA or returning the IP from the AuthZ Policy.

Any idea on how to alternatively solve this issue?

Thanks

hslai · ‎03-23-2017

Have you already tried it and found it not working?

I believe we are able to do this similarly to ACS, by defining a custom user attribute. Assuming the remote access headends take Radius:Framed-IP-Address, we may assign the user attribute dynamically to that. Attached are screenshots from ISE 2.2.

View solution in original post

hslai · ‎03-23-2017

Have you already tried it and found it not working?

I believe we are able to do this similarly to ACS, by defining a custom user attribute. Assuming the remote access headends take Radius:Framed-IP-Address, we may assign the user attribute dynamically to that. Attached are screenshots from ISE 2.2.

martucci · ‎03-23-2017

Thanks a lot!

Yes, I did not think about that, thanks a lot