10-28-2019 01:21 AM - edited 10-28-2019 01:22 AM
One of my client are rolling out LTE devices (IMSI) and would like to use ISE as Radius and push 4 IP addresses in the form of framed-route.
Radius attribute = 22
How do we setup ISE to push /29 Framed-Route every time an LTE device (IMSI) comes online.
Every IMSI will have an unique IP, in addition it needs another minimum 4 IP addresses for 4 different applications.
Not sure, how to define AuthC and AuthZ Policy on ISE to support this.
We are talking around 2000 devices.
Thank you in advance for your help.
Cheers
Sanjay
10-28-2019 10:22 PM
I am not familiar with IMSI, but is it going to be specific 4 IPs given an endpoint or does it needs to be assigned from a pool? If former, then based on identity one could send back the 4 IPs as it connects. But, mapping of identity and the 4 IPs needs to be maintained within ISE. As I never worked with IMSI, I can't comment on which can be used for identity. If latter, then there is currently no way to do this natively.
10-30-2019 04:57 AM
Hi
I can relate a similar customer use case where a Cisco ISE router has a cellular modem and when this modem is activated to the ISP, the ISP makes a RADIUS request to ISE to authenticate the IMSI (Mobile SIM ID). The authentication is a simple PAP auth and we return some values like Framed IP address and default gateway etc.
The question is: where do you want to store the mapping of IMSI --> IP attributes? Easiest answer ... by using ISE Internal User Database. Create your IMSI users, and then assign custom attributes to them - e.g.
YOu can also exract all this from AD or LDAP or ODBC.
The Authorization results will look something like this
06-30-2020 09:38 PM
Thank you Arne. This is helpful. I configured ISE with these customer attributes. I can see that the Framed-IP-Address works. But Framed-Route doesn't work.
I defined Framed-Route as "String" and give it a value in two formats. But none of them worked.
Format 1: 10.1.1.0/24
Format 2: 10.1.1.0/24 0.0.0.0 1
The second one is following RFC recommendation. Now, I'm not sure what's next. Can you please give more detailed information on how to configure Framed-Route on ISE 2.3?
07-01-2020 03:58 PM
String is correct. Have a look at the example for IOS devices, check out the debug in link below.
07-01-2020 04:55 PM
Thank you for the confirmation.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: