12-12-2012 04:00 AM - edited 03-10-2019 07:53 PM
Hi All,
I would like to authenticate clients by using External RADIUS. Once I create an authentication policy using the new compound condition (wireless dot1x + Radius Username Matches "domainB\"), I would like to forward the authentication of users who authenticate using domainB\username to the External RADIUS Server Sequence. But when I check the authentication dashboard, it still authenticates using the default authentication rule.
Please suggest about this scenario.
Regards,
12-13-2012 08:49 PM
Hi,
Can you please post a screenshot of the authentication policy and the attributes from the monitoring report?
Tarik Admani
*Please rate helpful posts*
12-16-2012 09:22 PM
Hi, Tarik,
Please see screenshots of the authentication policy I have created.
Thanks,
Pongsatorn
12-17-2012 04:59 AM
Can you please also share a copy of the authentication details for requests that do not match as expected?
This should also give some additional information.
12-17-2012 08:28 PM
Hi jrabinow,
Which details would you like to see?
Here is some information.
ISEs are deployed in 2 domains, "acme.com" and "sub.acme.com".
The domains do not have a trust relationship, so these 2 domains cannot communicate with each other.
Each domain has its own Enterprise Root CA (Microsoft).
Clients who need to access the network need to authenticate with EAP-TLS.
My environment
My ISE node is joined to the domain "acme.com".
The user will be "name1@acme.com".
Once a user such as "name2@sub.acme.com" tries to authenticate, I would like to forward the RADIUS request from the ISEs (acme.com) to the other ISEs (sub.acme.com).
After the ISEs in "sub.acme.com" return RADIUS-ACCEPT, the ISEs in "acme.com" will process an authorization policy.
Regards,
Pongsatorn