Hi there,
I am deploying an ISE solution for a client who is using to authenticate a wide range of services. With the introduction of 'Device Administration Policy Sets', TACACs requests are handled and configured in a separate section. However RADIUS requests are still configured in the regular Policy Sets.
I have a seperate condition each to match wired and wireless RADIUS requests, however I am looking for a condition that matches device admin RADIUS requests, so I can handle the requests in their own policy set.
I am thinking I can match on something like:
RADIUS:NAS-Port-Type = Virtual
&
(Network Access:AuthenticationMethod = PAP_ASCII or CHAP/MD5)
But I just want to confirm that this will match all RADIUS admin requests, regardless of vendor or device type? Or is there a better way to do this?
Regards,
Brett