Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1201
Views
1
Helpful
2
Replies

ISE forwarding MAB Request to External Radius Server

Go to solution
Aditya Gupta
Cisco Employee
Cisco Employee

‎07-13-2018 01:22 AM

Hello Experts,

We are in middle of PoC for one of our customers with following requirement:

**Requirement**

Initially End User MAB should be authenticated by ISE Internal Database if mac address not found than the request needs to be sent & authenticate with external radius server (Mac server)

We Tried following:

Case -1 - If we Use external radius server configuration in ISE – ISE will relay all the request to External radius server it will not check internal database.

Case -2 - If we Use radius token server configuration in ISE – ISE will check its internal database and send the request to the radius token server but in that case ISE will change the mac address format.

                

            i.e. – ISE gets the request from the user with the mac address 1ad232dc2af4 and when ISE send the request to Radius token server it will change mac to 1A:D2:32:DC:2A:F4 but in Radius server database we have mac in this format1ad232dc2af4, So the response we get is “User Not Found”

please suggest if there is any other way to make customization on Cisco ISE

Thank you for your help.

Aditya Gupta

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to kvenkata1

‎07-16-2018 11:51 AM

Please try this in advance attribute setting of ISE when you configure external Radius server and add it to Radius server sequence on the top. Hoping that the end point mac address is the calling station ID you are referring.

Thanks

Krishnan

View solution in original post

0 Helpful
2 Replies 2

Go to solution
kvenkata1
Cisco Employee
Cisco Employee

‎07-13-2018 03:59 PM

Radius Proxy & Radius token are the two ways to integrate external radius servers. In the Token option there is no possibility to customize the attributes. Please see Craig's response on this question.

Re: What attributes can we send from ISE to an external radius authentication servers

- Krish

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to kvenkata1

‎07-16-2018 11:51 AM

Please try this in advance attribute setting of ISE when you configure external Radius server and add it to Radius server sequence on the top. Hoping that the end point mac address is the calling station ID you are referring.

Thanks

Krishnan

0 Helpful
Customers Also Viewed These Support Documents