04-20-2020 01:09 PM
Hello ,
is there a way to create a policy based on DestinationPort radius attribute ? (1812 or 1645)
Thanks in advanced .
Spyros
Solved! Go to Solution.
04-20-2020 06:12 PM
I don't believe it is possible to create policy based on that value. There is no such attribute in the RADIUS RFC2865 and there are no Cisco-specific attributes that include this info in the supported ISE Network Access Attributes.
If you're wanting to create different policies based upon the Network Device initiating the RADIUS request, the common approach is to create Network Device Groups and use those as conditions in your policies.
04-21-2020 06:14 AM
We found a solution
In ASA we make the requests from different ip addresses (interfaces).
In ISE the policy matches with the NAS IPv4 Address which is different .
04-20-2020 05:16 PM
04-20-2020 06:12 PM
I don't believe it is possible to create policy based on that value. There is no such attribute in the RADIUS RFC2865 and there are no Cisco-specific attributes that include this info in the supported ISE Network Access Attributes.
If you're wanting to create different policies based upon the Network Device initiating the RADIUS request, the common approach is to create Network Device Groups and use those as conditions in your policies.
04-20-2020 11:40 PM - edited 04-21-2020 12:21 AM
Thank you for your quick reply ,
Greg you are right there is no such attribute in RFC .
I saw it in ISE in Authentication details (other attributes) that's why i am asking.
I want to create a policy for requests coming from the same device , (an ASA) with two authentication methods (primary,secondary).
The primary authentication should match the first policy and the secondary the other .
04-21-2020 06:14 AM
We found a solution
In ASA we make the requests from different ip addresses (interfaces).
In ISE the policy matches with the NAS IPv4 Address which is different .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide