Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
824
Views
0
Helpful
1
Replies

Radius proxy use cases

Go to solution
dgaikwad
Level 5
Level 5

‎04-16-2019 12:32 AM

Hi There,

There is an option on ISE where it could be used as a radius proxy server.
I am quite curious what could be such use case where this could be implemented?
Could you please list and explain such use cases?

Thank you

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul
Level 10
Level 10

‎04-16-2019 05:34 AM

Are you asking when to use RADIUS proxy vs. RADIUS token server setup?  Or just why would you send request to another RADIUS server?

 

If you are asking the first one basically it boils down to being able to pass back all the attributes from the external RADIUS server.  When you use a RADIUS proxy setup all AV pairs handed back from the RADIUS server are sent back to the client.  If you use a RADIUS token server setup you can select on attribute to receive back from the external RADIUS server.  I prefer the RADIUS token server setup as it looks like any other identity source.  In most cases I don't need any attributes coming back from the external RADIUS server.

 

As to why you would use an external RADIUS server the most common use case is MFA/2FA.  You are passing the authentication over to an external MFA/2FA RADIUS server to get processed and ISE can still do the authorization phase.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
paul
Level 10
Level 10

‎04-16-2019 05:34 AM

Are you asking when to use RADIUS proxy vs. RADIUS token server setup?  Or just why would you send request to another RADIUS server?

 

If you are asking the first one basically it boils down to being able to pass back all the attributes from the external RADIUS server.  When you use a RADIUS proxy setup all AV pairs handed back from the RADIUS server are sent back to the client.  If you use a RADIUS token server setup you can select on attribute to receive back from the external RADIUS server.  I prefer the RADIUS token server setup as it looks like any other identity source.  In most cases I don't need any attributes coming back from the external RADIUS server.

 

As to why you would use an external RADIUS server the most common use case is MFA/2FA.  You are passing the authentication over to an external MFA/2FA RADIUS server to get processed and ISE can still do the authorization phase.

0 Helpful
Top