Solved: Re: NetworkAccess UseCase value settings

cgm · ‎01-18-2020

Hi,

I'm trying to nail some topics on ISE configuration, and understand the logic of the flows so to say.

There are indeed some good documents out there, but I'm missing some details.

Some flows use NetworkAccess (dictionary?) UseCase (attribute?) to "stitch" e.g. CWAn to AuthZ rules, but I have not seen a definition of when and who does set that value.

Same attribute (which is declared as INT) has values like "Guest Flow", "Host Lookup", "Eap Chain", and may be others. Is there a document that describes this in detail ?

TIA.

hslai · ‎01-19-2020

This particular attribute is enumeration and the allowed values are in the system dictionary, as shown below, and should be self-explanatory. You are correct that its value can be overwritten. For example, for CWA, the endpoint session will start off as Host Lookup and then later Guest Flow.

View solution in original post

hslai · ‎01-18-2020

Most of these attributes are specific to some use cases. For example, "Guest Flow" is set after the user completes CWA login; "Host Lookup" is for MAB auth; "EAP Chaining" is specific to authentications tying to that.

The way I have learned to use them is to examine the auth details reports and then try them out as conditions.

cgm · ‎01-19-2020

I see,

but it surprises me (in a bad way) that (if?) this is not documented. From an information point of view, I would suspect that this "attribute" has an owner and a meaning attached to its values.

If it is just a tag used when some flow sees fit, what precludes one use case from trashing some other ?

Being a INT somehow leads me to believe there is a dictionary and a clear definition of what values are there (and what they mean). I have not been able to find it though.

Thanks!

hslai · ‎01-19-2020

This particular attribute is enumeration and the allowed values are in the system dictionary, as shown below, and should be self-explanatory. You are correct that its value can be overwritten. For example, for CWA, the endpoint session will start off as Host Lookup and then later Guest Flow.

cgm · ‎01-21-2020

Nice, but that's only an enumeration of the dictionary.

It's not at all self evident (to me?) what Proxy means. I would love to have a document that clearly states which component sets this value on what conditions.

Thanks anyway!

Jason Kunst · ‎01-27-2020

@cgm wrote:

Nice, but that's only an enumeration of the dictionary.

It's not at all self evident (to me?) what Proxy means. I would love to have a document that clearly states which component sets this value on what conditions.

Thanks anyway!

Please open a tac case with defect requesting that

cgm · ‎01-27-2020

I would, if I had a support contract :)

On a subtler subject, how come this thread went to "accepted solution" state without my action ? Kind of missleading since it was my question.

Jason Kunst · ‎01-27-2020

@cgm wrote:

I would, if I had a support contract :)

On a subtler subject, how come this thread went to "accepted solution" state without my action ? Kind of missleading since it was my question.

Its resolved as far as the forum can take it. If you don't have a support contract then we request doc team to take this on as a project. It's not something that's going to happen organically here