Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5050
Views
6
Helpful
10
Replies

CIsco ISE with HP and Fortigate

Go to solution
nimmi.phasil
Level 1
Level 1

‎04-22-2016 12:33 AM - edited ‎03-10-2019 11:41 PM

Hi ,

I have configured HP switches 5820X and 5130 for AAA radius authentication with Cisco ISE 2.0.0.306 .

The switch receives successful authorization reply ; but unable to login . What would be the advanced attributes for Radius Authorization profile in 

ISE ?

Also , does ISE support Fotigate firewalls ?

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
jan.nielsen
Level 7
Level 7
In response to jan.nielsen

‎04-22-2016 05:29 AM

Oh, and yes ISE supports any device that uses rfc compliant radius, it's usually only a matter of finding out what av-pairs to send back to that specific device, there is not really any standard for that.

View solution in original post

Go to solution
jan.nielsen
Level 7
Level 7
In response to nimmi.phasil

‎04-22-2016 07:22 AM

Did you read the link i attached earlier, is your config on your swith setup like that, with both authentication and accounting configured ? maybe have a read through the comments on the link i sent you, to see what other people have had problems with. I'm pretty sure it's on the switch you need to find your problem. Oh, and actually i don't think you need the quotes

View solution in original post

0 Helpful
10 Replies 10

Go to solution
jan.nielsen
Level 7
Level 7

‎04-22-2016 05:28 AM

According to the link, HP expects a role to be returned as a Cisco-AVPair, you should try adding that to your authorization profile :

Cisco-avpiar = shell:roles=”network-admin”

https://abouthpnetworking.com/2014/03/16/comware7-radius-based-rbac-user-role-assignment/

0 Helpful

Go to solution
jan.nielsen
Level 7
Level 7
In response to jan.nielsen

‎04-22-2016 05:29 AM

Oh, and yes ISE supports any device that uses rfc compliant radius, it's usually only a matter of finding out what av-pairs to send back to that specific device, there is not really any standard for that.

Go to solution
Jeffrey Jones
Level 5
Level 5
In response to jan.nielsen

‎12-22-2016 11:56 AM

so your using cisco av-pair with HP switches?

0 Helpful

Go to solution
nimmi.phasil
Level 1
Level 1
In response to jan.nielsen

‎04-22-2016 06:04 AM

Hi Jan,

Tried

 Cisco:cisco-av-pair shell:roles=network-admin

Radius:Service-Type Administrative/Login/NAS Prompt

HP:HP-Privilege-Level 3

The server sends authorization successful messages with all combinations ; switch receives the message.

But login failed message is shown.

0 Helpful

Go to solution
jan.nielsen
Level 7
Level 7
In response to nimmi.phasil

‎04-22-2016 06:28 AM

Did your put network-admin in quotes?

Preview file
7 KB
0 Helpful

Go to solution
nimmi.phasil
Level 1
Level 1
In response to jan.nielsen

‎04-22-2016 07:14 AM

Tried with quotes

0 Helpful

Go to solution
jan.nielsen
Level 7
Level 7
In response to nimmi.phasil

‎04-22-2016 07:22 AM

Did you read the link i attached earlier, is your config on your swith setup like that, with both authentication and accounting configured ? maybe have a read through the comments on the link i sent you, to see what other people have had problems with. I'm pretty sure it's on the switch you need to find your problem. Oh, and actually i don't think you need the quotes

0 Helpful

Go to solution
nimmi.phasil
Level 1
Level 1
In response to jan.nielsen

‎04-25-2016 02:24 AM

Hi Jan,

The issue is resolved when accounting is configured.

Thank You !

Go to solution
Scott Parish
Level 1
Level 1

‎05-18-2016 07:49 AM

Nimmi,

Did you ever get ISE and Fortigate working together?

Scott

0 Helpful

Go to solution
sajid231088
Level 1
Level 1

‎05-26-2018 02:45 AM

Could you please share HP switch configuration.

 

I tried to do it but couldn't het any success. 

0 Helpful
Customers Also Viewed These Support Documents