cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1234
Views
0
Helpful
3
Replies
Highlighted
Beginner

Secure ACS 5 for IP address assignment via RADIUS?

Hey there!

I want to use RADIUS (of Secure ACS 5.3) to authenticate users within an ISP environment. Users log connect to a network using a point to point connection (L2) and then they are sending a RADIUS request to get IP adresses. Secure ACS is not quite easy to look through in that case.

Anyone has an idea?

I want to handover the following IETF values:

Framed ID

Framed Subnet Mask

Framed Route

that should be enough I think.

Thanks in advane for any help!

Regard!

Markus

3 REPLIES 3
Highlighted

Secure ACS 5 for IP address assignment via RADIUS?

Hi,

I have a qeustion? what is the device that sends the RADIUS request?

That devices must be added in the devices list in the RADIUS server, so waht is that device in your scenario?

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
Highlighted
Beginner

Secure ACS 5 for IP address assignment via RADIUS?

Hi!

It deals with mobile devices. Mobile devices logon to a ISP network via APN and then they send a request for an ip address to the ISP radius, which then sends the relay to my server.

Regards!

Markus

Highlighted

Re: Secure ACS 5 for IP address assignment via RADIUS?

If the ISP radius forwards the requests to you then the ISP RADIUS server must be added as a NAS in your ACS so it can authenticate against your ACS server.

You must know what type of authenticaion protocol the ISP RADIUS uses (PAP, CHAP...etc) to send the request to your ACS and enable that type on the service request you create on your ACS.

You create the policy normally and in the authorization profile for the successfully authenticated users you must assign the attributes you mentioned above.

BTW, there is no attribute like Framed-ID. I think you mean Framed-IP.

Is my explanation above clear to you?

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"