This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Cisco ISE 2.3 Question:
I am trying to add a new 3rd Party Network Access Device Profile with its Vendor-Specific RADIUS dictionary. I am able to successfully configure Change Of Authorization (CoA) choices with the Vendor-Specific RADIUS dictionary attributes, but when I get to Redirect choosing Dynamic URL, I am only able to choose RADIUS dictionary attributes (RFC 2865) and not the Vendor-Specific RADIUS dictionary. When I try to manually type in the Vendor-Specific RADIUS dictionary attribute that I want to choose from the pull-down, I get a pop up with the error
Validation Errors: Device profile configuration is invalid: No dynamic URL attribute-value pair specified.
Afterwards, I am unable to update/submit the NAD Profile that I am trying create and have to exit without saving any its configuration.
Even if I were include Cisco in the RADIUS Dictionaries, the Redirect Dynamic URL Cisco Dictionary Attributes are not even showing up.
How can I properly configure a new 3rd Party Network Access Device Profile with its Vendor-Specific RADIUS dictionary.
Upgrade bundle for upgrading ISE version 2.2 to 2.3.
ise-upgradebundle-126.96.36.1998.SPA.x86_64.tar.gz, date 27-JUL-2017.
I took taken a look at this. Appears to be a known issue: CSCvc49267 that has existed in previous releases
The workaround is to save the profile without redirect option and edit it again.
Thanks, I finally figured that out late yesterday evening. However, I'm unable to view the bug CSCvc49267.
The problem I am facing now with the custom Network Device Profile and associating it with the custom Network Access Device is after ISE deems endpoint as Posture Unknown and URL Redirection occurs at the PC, the NAC Agent is not being downloaded automatically to the PC as when I associate the custom NAD with the default Cisco NDP.
I have two wireshark files that I can send you directly as I am unable to attach .pcap files to this post.
ISE is working with many third part party NADs from different manufacturers. These capabilities are available well before ISE 2.3
I am not able to provide the level of support you are looking. Suggest to raise an SR or work through your account team if this is a POC. Alternatively can reach out on ISE community pages:
There is also a specific area on the communities page on this topic