Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
0
Helpful
3
Replies

Juniper Web Redirection

Go to solution
Joseph Swanson
Level 4
Level 4

‎03-21-2016 06:47 AM

Can someone help me with the below request?  Juniper is in my account and doesn’t support Web Redirection today.  They would like to add this feature to their switches.  Do we support anything they will send us or are we looking for specific attributes?  My customer is using ISE 2.0.


---------------------------------------

      We would like to add some additional functionality for supporting Cisco’s URL-redirect format. If you could provide me with the message format that is required, I should be able to make this happen in support of the customer. We would want to use the method that uses MAC/IP, not the SessionID. I basically need to know what attributes and format the ISE server is expecting from a third-party switch.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎03-21-2016 08:28 AM

Hi Joseph,

We support all standards-based RADIUS messaging.  For advanced functionality (BYOD, MDM, Posture, etc), the network access device must support RADIUS Change of Authorization and URL-Redirect.  In ISE 2.0, we introduced support for 3rd party CoA and URL-redirect messaging in addition to the Cisco VSA.  Take a look at the network access device profiles for 3rd party switches in ISE 2.0 to get a sense of what we can work with.

Regards,

-Tim

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎03-21-2016 08:28 AM

Hi Joseph,

We support all standards-based RADIUS messaging.  For advanced functionality (BYOD, MDM, Posture, etc), the network access device must support RADIUS Change of Authorization and URL-Redirect.  In ISE 2.0, we introduced support for 3rd party CoA and URL-redirect messaging in addition to the Cisco VSA.  Take a look at the network access device profiles for 3rd party switches in ISE 2.0 to get a sense of what we can work with.

Regards,

-Tim

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to Timothy Abbott

‎03-21-2016 01:02 PM

Joseph,

This is a question which we already discussed directly and should be followed up as part of customer sales process.

Per this discussion, the NAD profile defines what we expect from 3rd-party NAD.  The Authorization Profile defines what is sent to NAD.

/Craig

0 Helpful

Go to solution
Renne Stuart
Level 1
Level 1

‎01-31-2019 12:51 PM

The issue we are currently having is getting ISE to work with our Juniper switches.

The main issues is that Web Authentication is not working, this is a feature not supported in the code of software we are running

 

Switch - Juniper EX200-24p

 

JUNOS 12.3R12-S10 – current version of software recommended by Juniper

JUNOS 15.1R3 – working version not recommended on our model of switch

 

I don’t know if there is a workaround for this but Juniper have advised us to upgrade the switches to a higher model which we cannot do as we have 1300 of these switches!

0 Helpful
Customers Also Viewed These Support Documents