Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
1
Helpful
1
Replies

ISE Authorization when using proxy RADIUS for Authentication

cs_macker
Level 1
Level 1

‎01-04-2018 08:26 AM

Hi All,

I am trying to develop a policy that will allow me to apply ISE Authorization when using a proxy RADIUS server

I believe I have the authentication part sussed. I.E if: wired 802.1x Use proxy Service: <external identity sequence>

The difficult I am having is matching this with a condition on the Authorization policy. For example, I would like the authorisation policy to say something along the lines of:

If: Proxy RADIUS state is active -  Then: <Permissions>

or

If: Proxy Radius authentication successful - Then: <permissions>

I need this match as I am trying to authenticate 2 different groups of users using 802.1x via two different authentication methods (external RADIUS server and AD)

Do you have any ideas as to which conditions could be used to achieve this? below image included to try and demonstrate what I am trying to achieve:

ProxyRadiusAuthorization.png

Many Thanks in advance

Paul

0 Helpful
1 Reply 1

paul
Level 10
Level 10

‎01-05-2018 06:44 AM

How are you driving the authentication to your Proxy RADIUS server vs. AD?  It looks like you have Wired_802.1x in both lines.

Are the proxy RADIUS usernames also in AD?  If not you simply could add an AD group criteria to your authorization rules for the AD users.  The proxy RADIUS users wouldn't pass that criteria.

Also the Network Access->AuthenticationIdentityStore condition may tell you what you need as well.

Customers Also Viewed These Support Documents