cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

357
Views
10
Helpful
4
Replies
Highlighted
Beginner

ISE normalized radius vs radius attributes

What is the difference between an ISE normalized radius attribute vs an ISE radius attribute?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: ISE normalized radius vs radius attributes

The following is what I needed to know. Here is a great answer provided by Arne Bier.

Re: Use Cases for various RADIUS Attributes in Cisco ISE

 

 

Hi @Maurice Ball 

 

A Normalised RADIUS attribute in ISE is a convenient abstraction that allows us to use a common attribute in our Policy Set Logic in a multi-vendor environment. E.g. if you have a mix of Cisco and Aruba WLC's, then you can either do it the hard way, by checking for the vendor specific attributes used, e.g. Cisco uses attribute Called-Station-ID for the SSID, and Aruba uses Aruba-Essid-Name.  Perhaps a bad example, because I am no Aruba guru ;-) - but you get the point. There are other instances where vendor A signals a MAB Auth request with Service-Type = "Call-Check" and another vendor uses Service-Type = "Blah".  Cisco ISE has multi-vendor support, and as long as you set the NAS with the correct Device Vendor Type ("Device Profile") then ISE does the internal mapping for you. Then you can use abstractions like Normalised Radius SSID which is vendor agnostic. You no longer need to care how it works under the hood.

Other abstractions are things like the Compound Conditions like Wireless_8021X and Wired_802.1X - have a look at those in detail and you can see that each vendor does it slightly differently.

View solution in original post

4 REPLIES 4
Highlighted

Re: ISE normalized radius vs radius attributes

Highlighted
Beginner

Re: ISE normalized radius vs radius attributes

I do not see the answer to my question in the post listed below.

Highlighted
VIP Collaborator

Re: ISE normalized radius vs radius attributes

They represent separate attributes that you can reference as conditions in your ISE policies. The breakdown of attributes for radius vs normalized radius attributes is covered perfectly here:
https://community.cisco.com/t5/security-documents/ise-network-access-attributes/ta-p/3616253#toc-hId--26278376
HTH!
Highlighted
Beginner

Re: ISE normalized radius vs radius attributes

The following is what I needed to know. Here is a great answer provided by Arne Bier.

Re: Use Cases for various RADIUS Attributes in Cisco ISE

 

 

Hi @Maurice Ball 

 

A Normalised RADIUS attribute in ISE is a convenient abstraction that allows us to use a common attribute in our Policy Set Logic in a multi-vendor environment. E.g. if you have a mix of Cisco and Aruba WLC's, then you can either do it the hard way, by checking for the vendor specific attributes used, e.g. Cisco uses attribute Called-Station-ID for the SSID, and Aruba uses Aruba-Essid-Name.  Perhaps a bad example, because I am no Aruba guru ;-) - but you get the point. There are other instances where vendor A signals a MAB Auth request with Service-Type = "Call-Check" and another vendor uses Service-Type = "Blah".  Cisco ISE has multi-vendor support, and as long as you set the NAS with the correct Device Vendor Type ("Device Profile") then ISE does the internal mapping for you. Then you can use abstractions like Normalised Radius SSID which is vendor agnostic. You no longer need to care how it works under the hood.

Other abstractions are things like the Compound Conditions like Wireless_8021X and Wired_802.1X - have a look at those in detail and you can see that each vendor does it slightly differently.

View solution in original post