Solved: Radius attribute Class (25) as a condition in AuthZ policy

sahaputh · ‎04-26-2016

Hi,

How can we configure Radius attribute Class (25) as a condition in AuthZ policy?

This is a Anyconnect scenario,where user authentication from ASA (Radius Access-Request) is sent to ISE and ISE send it to an external Radius server (Proxy Service). External Radius server is sending Access-Accept with the corresponding class attribute. How can we use this received class attribute as a condition in authorization policy. I noticed in dictionaries, Radius Class (ID 25) direction is preconfigured with "OUT" and can't change it since it's System defined. Is there's a way to accomplish this?

Thanks!

TK.

Jason Kunst · ‎04-27-2016

This is not a current option. Working this offline to address the use case to see if its a feature request

View solution in original post

Jason Kunst · ‎04-27-2016

This is not a current option. Working this offline to address the use case to see if its a feature request

Jatin Katyal · ‎12-06-2017

Did we make any progress to have Radius Attribute Class (25) as a condition in authorization policy.

~ Jatin

~Jatin

hslai · ‎12-06-2017

Nope. This is tracked by CSCus80472. I will add a release note enclosure in a moment so expect it externally visible in a day or two.

Radius attribute Class (25) as a condition in AuthZ policy

RADIUSのAuthenticator headerとMessage-Authenticator attributeに関して

RADIUSのUser-Password attributeに関して

Policy Set with Multiple Authz Conditions

D301 Duo Release Notes for October 25, 2024

ISE - CSCwn63678 - Radius Accounting Reports (versão Português)