08-10-2017 01:47 AM
Hello
I was wondering that if its possible to perform authentication, authorization and accounting of Huawei switches using AAA Radius. I have successfully done authentication and authorization using TACACS but I want to implement it using AAA Radius. Any guidance would be appreciated.
Solved! Go to Solution.
08-12-2017 08:13 AM
I did a step-by-step write up on using ISE as a RADIUS server for device management with AD credentials.
Cisco ISE: Device Administration with AD Credentials using RADIUS – WiFi Workshop
08-10-2017 04:10 PM
Wouldn't that be something you'd find in a Huawei device configuration guide? ISE will behave like any other Radius server at that point
08-11-2017 06:36 AM
Hi Suneel Waqas
As said by Arne Bier, you have to search in first time the different attributes to be used by Huawei devices if they don't use RADIUS IETF RFC2856 attributes.
From ISE side you have to configure the following:
1. Add the device in the appropriate group.
2. Create new allowed protocols based on the vendor guides. Policy ==> Policy Elements ==> Authentication ==> Allowed Protocols.
3. Create a new authorization Profile: Policy ==> Policy Elements ==> Results (If you are using ISE 2.3) ==> Authorization ==> Authorization Profiles.
// If you are using ISE 2.2 you have to enable the Policy Sets from Administration ==> Settings)
// The Authorization Profile must contains the Vendror Specific Attribute (Huawei) or Standard Attributes.
4. Create a new Policy Set in Policy ==> Policy Sets
a. Choose your Conditions and Choose the Allowed Protocols previously created in the Step 2.
b. The authentication Policy is not mandatory if you have added the appropriate conditions in the step 2.
c. Create an Athorization Policy and add the conditions and add the Authorization Profile previously created in the Step 3 as Results Profiles
Please don't hesitate if you need any further information.
Best regards
08-12-2017 08:13 AM
I did a step-by-step write up on using ISE as a RADIUS server for device management with AD credentials.
Cisco ISE: Device Administration with AD Credentials using RADIUS – WiFi Workshop
04-26-2024 07:34 AM
Hi Sean the link don´t work. Do you have a new one?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide