multi LNS server IP balanced by ISE response

Weiborao
Cisco Employee

Hi, Dear ISE Experts

My customer has an L2TP authentication requirement and needs ISE to return the LNS server IP to the LAC. The customer has multiple LNS servers and hopes ISE can return the LNS server IP in round-robin fashion. Does ISE support it?

If round robin is not supported, does ISE support returning multiple LNS IP addresses to the LAC?

BTW, all LAC authentication will use the same user name with no password (or, we can say, no authentication is required).

Thanks

1 Accepted Solution

hslai
Cisco Employee

Please consult with the support teams for the network device platform as to the specifics to return from a RADIUS server.

For instance, VPDN Configuration Guide, Cisco IOS Release 12.4 - Configuring AAA for VPDNs [Cisco IOS Software Releases 12.4 Mainline] - Cisco mentions using either Cisco VSA (cisco-av-pair) or RADIUS tunnel attributes. The examples I found all use very old ACS releases, but I believe they would be similar to the following ISE authorization profiles.

Screen Shot 2017-08-12 at 8.16.01 PM.png

Screen Shot 2017-08-12 at 8.35.47 PM.png

3 Replies

Weiborao
Cisco Employee

Hi Jason

Yes you are right.

I am working with David Li, who is the local Security Expert in China Team.

I think it is the LAC that decides how to load-balance between the LNS addresses returned from attribute 67.

67 | Tunnel-Server-Endpoint | IP address of the LNS that establishes a tunnel. The IP address is in dotted decimal notation. A tag can deliver a maximum of eight IP addresses, with each IP address separated by a space. Multiple IP addresses work in primary/secondary mode.

Hi, hslai

Thank you very much for your reply and contribution.
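The attribute 67 format quoted in the thread, as an added example that is not part of any post above or of ISE itself: it validates a space-separated LNS list before it goes into an authorization profile and shows the tagged encoding RFC 2868 defines for Tunnel-Server-Endpoint. The function names and sample addresses are constructed for illustration, and the eight-address, space-separated layout is taken from the description quoted in the thread, so it depends on the LAC platform.

```python
import ipaddress
import struct

TUNNEL_SERVER_ENDPOINT = 67  # RADIUS attribute type (RFC 2868)
MAX_ENDPOINTS = 8            # per-tag limit quoted in the thread (platform dependent)


def parse_endpoints(value):
    """Validate a space-separated LNS list; order is preserved (primary first)."""
    addrs = value.split()
    if not 1 <= len(addrs) <= MAX_ENDPOINTS:
        raise ValueError(f"expected 1..{MAX_ENDPOINTS} addresses, got {len(addrs)}")
    # IPv4Address raises a ValueError subclass on anything that is not dotted decimal
    cleaned = [str(ipaddress.IPv4Address(a)) for a in addrs]
    if len(set(cleaned)) != len(cleaned):
        raise ValueError("duplicate LNS address in list")
    return cleaned


def encode_attribute(value, tag=1):
    """Build the on-the-wire attribute: type, length, tag, string."""
    if not 1 <= tag <= 0x1F:
        raise ValueError("tag must be in 0x01..0x1F")
    body = " ".join(parse_endpoints(value)).encode("ascii")
    return struct.pack("!BBB", TUNNEL_SERVER_ENDPOINT, 3 + len(body), tag) + body


def decode_attribute(raw):
    """Return (tag, [addresses]) from one raw Tunnel-Server-Endpoint attribute."""
    if len(raw) < 3 or raw[0] != TUNNEL_SERVER_ENDPOINT or raw[1] != len(raw):
        raise ValueError("not a well-formed Tunnel-Server-Endpoint attribute")
    # RFC 2868: a first octet above 0x1F is not a tag but the start of the string
    if raw[2] > 0x1F:
        tag, text = 0, raw[2:]
    else:
        tag, text = raw[2], raw[3:]
    return tag, parse_endpoints(text.decode("ascii"))


if __name__ == "__main__":
    sample = "10.1.1.1 10.1.1.2"  # constructed LNS addresses
    wire = encode_attribute(sample, tag=1)
    print(wire.hex(), decode_attribute(wire))
```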