ISE as radius for Opengear

shados · ‎08-23-2024

Hello,

I'm trying to configure Opengear to authenticate agaisnt ISE (radius) but no luck.

https://resources.opengear.com/lighthouse/manuals/23.10/Content/Radius_Configuration.htm

I can't find Framed-Filter-ID within authorization profile or radius configurations.

have someone ever did ad auth for opengear? Please help

ccieexpert · ‎08-23-2024

hi have you looked here ..see the screenshot under authorization policy and condition.

JPavonM · ‎08-26-2024

It the IETF RADIUS attribute is not recognised by OpenGear (maybe becuase it is not the same Attribute number), you may need to create a custom dictionary for them.

I've had to do that for Forescout, F5 and others.

HEre you can find some, but not OpenGear, so if the workaround that @ccieexpert told you before doesn't work, you may need to ask their support for the correct RADIUS Att number and use one of the dictionaries as an example.

https://github.com/boundary/wireshark/tree/master/radius

ahollifield · ‎08-26-2024

Why not use TACACS+ for OpenGear instead?

shados · ‎08-26-2024

Is there a guide on how to setup ISE TACACS for Opengear?

ahollifield · ‎08-26-2024

https://resources.opengear.com/lighthouse/manuals/23.10/Content/TACACS_configuration.htm

https://cs.co/ise-interop

shados · ‎08-26-2024

that's for TACACS+ not for ISE. Is there a way to adapt those settings for ISE?

ahollifield · ‎08-26-2024

What do you mean? You just create a custom TACACS+ Profile containing the group membership text as outlined in the article.

john-philbin · ‎09-16-2024

If you need to use OTP, than I think RADIUs might be the only answer.

shados · ‎08-28-2024

Is there a guide on how to do that?

ahollifield · ‎08-28-2024

https://community.cisco.com/t5/security-knowledge-base/cisco-ise-device-administration-prescriptive-deployment-guide/ta-p/3738365

bmccollam77 · ‎05-21-2025

I have OpenGear working with radius in ISE 3.1

You'll need to make sure you configure the proper Authorization Profile.