
Configuring Cisco ISE for Authorization with External Radius Server attribute

senti_2k2
Level 1

Hi,

I'm trying to integrate an external radius server with Cisco ISE.

I created an External Identity Store>Radius Token Server.

I created an Identity Store sequence with just one identity store, just as created above.

And I was able to authenticate successfully.

But when it comes to authorization, I observed we just have one tab named Authorization while creating the Radius Token server.

And it always refers to ACS:attribute_name.

If I want to define an IETF RADIUS attribute (let's say Class, with attribute ID 25), how could I do it?

In Cisco ACS we have a direct entry option in authorization tab where we can define the radius (IETF) attribute within Radius token server creation (within radius token server>Directory attribute tab).

However I try to define the IETF attribute here (class, IETF:Class), I am not able to authorize with this attribute value.

I tried with just one single authorization rule where it could hit, but observed it go to the default (as none of the rules defined matches the condition).

Can anyone guide me on how we can define an IETF RADIUS attribute for authorization within Cisco ISE, and what policy we could set for it to work as authorization?

Thanks in advance

Senthil K

1 Reply

bhthapa
Level 1

These are the steps for Creating and Editing RADIUS Vendors

To create and edit a RADIUS vendor, complete the following steps:

Step 1 From the Administration mega menu, choose Resources > RADIUS Vendors.

The RADIUS Vendors page appears with a list of RADIUS vendors that ISE supports.

Step 2 Click Create to create a new RADIUS vendor or click the radio button next to the RADIUS vendor that you want to edit and click Edit.

Step 3 Enter the following information:

• Name—(Required) Name of the RADIUS vendor.

• Description—An optional description for the vendor.

• Vendor ID—(Required) The Internet Assigned Numbers Authority (IANA)-approved ID for the vendor.

• Vendor Attribute Type Field Length—(Required) The number of bytes taken from the attribute value to be used to specify the attribute type. Valid values are 1, 2, and 4. The default value is 1.

• Vendor Attribute Size Field Length—(Required) The number of bytes taken from the attribute value to be used to specify the attribute length. Valid values are 0 and 1. The default value is 1.

Step 4 Click Submit to save the RADIUS vendor.
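
The following is an added example, not part of either post and not Cisco code: it shows on the wire how an IETF Class attribute (type 25) differs from a Vendor-Specific attribute, and what the Vendor ID and the two field-length settings in the steps above control when a vendor attribute is decoded. The function names, the sample bytes and vendor ID 99999 are constructed, and it assumes that a length byte, when present, counts the sub-attribute header as in the RFC 2865 layout.

```python
import struct

IETF_CLASS, VENDOR_SPECIFIC = 25, 26   # RFC 2865 attribute type numbers


def parse_attributes(data):
    """Split a RADIUS attribute area into (type, value) pairs (RFC 2865)."""
    attrs, i = [], 0
    while i < len(data):
        a_len = data[i + 1] if i + 1 < len(data) else 0
        if a_len < 2 or i + a_len > len(data):
            raise ValueError("bad attribute length at offset %d" % i)
        attrs.append((data[i], data[i + 2:i + a_len]))
        i += a_len
    return attrs


def parse_vsa(value, type_len=1, size_len=1):
    """Decode a Vendor-Specific value with the vendor's field widths.

    type_len (1, 2 or 4) and size_len (0 or 1) mirror the two field-length
    settings in the steps above. Assumption: a length byte, when present,
    counts the sub-attribute header too, as in the RFC 2865 layout.
    """
    if type_len not in (1, 2, 4) or size_len not in (0, 1):
        raise ValueError("unsupported field width")
    if len(value) < 4:
        raise ValueError("missing vendor id")
    vendor_id, hdr = struct.unpack("!I", value[:4])[0], type_len + size_len
    subs, i = [], 4
    while i < len(value):
        if len(value) - i < hdr:
            raise ValueError("truncated sub-attribute")
        v_type = int.from_bytes(value[i:i + type_len], "big")
        v_len = value[i + type_len] if size_len else len(value) - i
        if v_len < hdr or i + v_len > len(value):
            raise ValueError("bad sub-attribute length")
        subs.append((v_type, value[i + hdr:i + v_len]))
        i += v_len
    return vendor_id, subs


# Constructed sample: Class "NetAdmins", then a VSA for made-up vendor 99999.
SAMPLE = (bytes([IETF_CLASS, 11]) + b"NetAdmins" + bytes([VENDOR_SPECIFIC, 18])
          + struct.pack("!I", 99999) + bytes([1, 12]) + b"role=admin")

if __name__ == "__main__":
    for a_type, a_value in parse_attributes(SAMPLE):
        print(a_type, parse_vsa(a_value) if a_type == VENDOR_SPECIFIC else a_value)
```

Class arrives as a plain type 25 value with no vendor header, so the field-length settings apply only to attributes carried inside type 26.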