Accepted Solutions
Hi @mstefanka
You didn't say which Radius attributes you want to send, but I made an example for you.
Can you share the screen shot of the ACS example, so that we can help you replicate the same thing in ISE?
I hope I understood your question correctly. You can indeed return multiple copies of the same Radius attribute for an authentication. It takes a bit of work. In my bogus example I have an internal ISE user called "bob" and bob has two default IPv4 routes.
First I define the custom user attributes as below
Then I assign some values to the user bob
And finally, you have to create an Authorization Profile to insert the custom attributes
I used the Freeradius command "radtest" to send a request to ISE
$ radtest bob Cisco123 192.168.0.221 1 sharedsecret
Sent Access-Request Id 100 from 0.0.0.0:58396 to 192.168.0.221:1812 length 73
User-Name = "bob"
User-Password = "Cisco123"
NAS-IP-Address = 192.168.0.212
NAS-Port = 1
Message-Authenticator = 0x00
Cleartext-Password = "Cisco123"
Received Access-Accept Id 100 from 192.168.0.221:1812 to 0.0.0.0:0 length 142
User-Name = "bob"
Framed-Route = "1.1.1.1"
Framed-Route = "1.1.1.2"
Class = 0x434143533a633061383030646446454633764550434f396666544a3744587a3835633342705a5f365071634f416d6f2f5a6c386c445959343a69736530312f3334323933323830352f313030363234
Message-Authenticator = 0xc2e002902013ccf9df527645cdc4e447
Hi @mstefanka
You didn't say which Radius attributes you want to send, but I made an example for you.
Can you share the screen shot of the ACS example, so that we can help you replicate the same thing in ISE?
I hope I understood your question correctly. You can indeed return multiple copies of the same Radius attribute for an authentication. It takes a bit of work. In my bogus example I have an internal ISE user called "bob" and bob has two default IPv4 routes.
First I define the custom user attributes as below
Then I assign some values to the user bob
And finally, you have to create an Authorization Profile to insert the custom attributes
I used the Freeradius command "radtest" to send a request to ISE
$ radtest bob Cisco123 192.168.0.221 1 sharedsecret
Sent Access-Request Id 100 from 0.0.0.0:58396 to 192.168.0.221:1812 length 73
User-Name = "bob"
User-Password = "Cisco123"
NAS-IP-Address = 192.168.0.212
NAS-Port = 1
Message-Authenticator = 0x00
Cleartext-Password = "Cisco123"
Received Access-Accept Id 100 from 192.168.0.221:1812 to 0.0.0.0:0 length 142
User-Name = "bob"
Framed-Route = "1.1.1.1"
Framed-Route = "1.1.1.2"
Class = 0x434143533a633061383030646446454633764550434f396666544a3744587a3835633342705a5f365071634f416d6f2f5a6c386c445959343a69736530312f3334323933323830352f313030363234
Message-Authenticator = 0xc2e002902013ccf9df527645cdc4e447
