12-12-2012 04:00 AM - edited 03-10-2019 07:53 PM
Hi All,
I would like to authenticate client by using External RADIUS. Once I create authentication policy using the new compound condition (wireless dot1x + Radius Username Matches "domainB\") I would like to forward the user authentication who make an authen using domainB\username to the External RADIUS Server Sequence. But when I check on the authentication dashboard, it still authenticate using the default authentication rule.
Please suggest about this scenario.
Regards,
Sent from Cisco Technical Support Android App
12-13-2012 08:49 PM
Hi,
Can you please post a screenshot of the authentication policy and the attributes from the monitoring report?
Tarik Admani
*Please rate helpful posts*
12-16-2012 09:22 PM
Hi, Tarik,
Please see screenshots of the authentication policy I have created.
Thanks,
Pongsatorn
12-17-2012 04:59 AM
Can you please also share a copy of the authentication details for requests that do not match as expected.
This should also giev soem additional information
12-17-2012 08:28 PM
Hi jrabinow,
Which details you would like to see ?
Here is some infos.
ISEs are deployed in 2 domains such as "acme.com" and "sub.acme.com"
Each domain does not make a trusted relationship so these 2 domains cannot communicate between them.
Each domain has owned Enterprise Root CA (Microsoft)
Client who need to access the network need to authenticate with EAP-TLS.
My environment
My ISE node joined into domain "acme.com"
User will be "name1@acme.com"
Once the user from "name2@sub.acme.com" try to authenticate, I would like to forward the RADIUS request from ISEs (acme.com) to other ISEs (sub.acme.com)
After ISEs in "sub.acme.com" return RADIUS-ACCEPT then ISEs in "acme.com" will process an authorization policy.
Regards,
Pongsatorn
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide