cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
421
Views
0
Helpful
1
Replies

Radius proxy use cases

dgaikwad
Level 5
Level 5

Hi There,

There is an option on ISE where it could be used as a radius proxy server.
I am quite curious what could be such use case where this could be implemented?
Could you please list and explain such use cases?

Thank you

1 Accepted Solution

Accepted Solutions

paul
Level 10
Level 10

Are you asking when to use RADIUS proxy vs. RADIUS token server setup?  Or just why would you send request to another RADIUS server?

 

If you are asking the first one basically it boils down to being able to pass back all the attributes from the external RADIUS server.  When you use a RADIUS proxy setup all AV pairs handed back from the RADIUS server are sent back to the client.  If you use a RADIUS token server setup you can select on attribute to receive back from the external RADIUS server.  I prefer the RADIUS token server setup as it looks like any other identity source.  In most cases I don't need any attributes coming back from the external RADIUS server.

 

As to why you would use an external RADIUS server the most common use case is MFA/2FA.  You are passing the authentication over to an external MFA/2FA RADIUS server to get processed and ISE can still do the authorization phase.

View solution in original post

1 Reply 1

paul
Level 10
Level 10

Are you asking when to use RADIUS proxy vs. RADIUS token server setup?  Or just why would you send request to another RADIUS server?

 

If you are asking the first one basically it boils down to being able to pass back all the attributes from the external RADIUS server.  When you use a RADIUS proxy setup all AV pairs handed back from the RADIUS server are sent back to the client.  If you use a RADIUS token server setup you can select on attribute to receive back from the external RADIUS server.  I prefer the RADIUS token server setup as it looks like any other identity source.  In most cases I don't need any attributes coming back from the external RADIUS server.

 

As to why you would use an external RADIUS server the most common use case is MFA/2FA.  You are passing the authentication over to an external MFA/2FA RADIUS server to get processed and ISE can still do the authorization phase.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: