07-12-2018 07:59 AM
Hello Community Members,
We are currently doing a POC of ISE 2.3 for RADIUS AAA. We are using AAA to authenticate and authorize base stations (BTS) and CPEs.
We have third-party vendor (Radwin, Cambium, mrotek, etc.) devices.
We have successfully achieved authentication and authorization for these devices by creating user-defined dictionaries and vendor-specific attributes. But now we have a requirement to send (push) multiple attribute values to the endpoints (BTS and CPEs) on the authentication and authorization of different devices, based on the MAC or S/N of the device.
We can create and define static values for these attributes, but the requirement is to push variable values of multiple attributes, so creating that many authorization profiles doesn't seem a feasible option.
So can you please help us out with a solution for how to fetch the MAC address or serial number and use it to differentiate and assign different multiple values of attributes?
Hope you understand my query, and if not please ask your doubts and I will explain in detail.
Thanks for the help in advance.
Regards,
Karan.
07-12-2018 08:23 AM
You can define custom attributes in ISE which are applied to users or endpoints in the ISE database. You can then use these custom attributes to apply specific policy and return custom permissions. If the custom attribute itself contains the special value of the permission, say ACL or VLAN name or SGT, then you can often return this as a dynamic authorization. More info on this topic is offered in the BRKSEC-3697 session delivered at the last Cisco Live in Orlando (refer to the Reference presentation): On-Demand Library - Cisco Live Global Events
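A small Python model of the approach described in the answer above, added here as an illustration and not taken from the thread or from ISE itself: one shared authorization profile whose returned values are filled from per-endpoint custom attributes looked up by MAC. The attribute names, MAC addresses and values are constructed, the MAC is assumed to arrive in Calling-Station-Id, and rejecting when a custom attribute is missing is this example's own choice.

```python
import re

# Constructed endpoint records: MAC -> custom attributes (hypothetical names).
ENDPOINTS = {
    "00:15:67:AA:BB:01": {"BtsVlan": "210", "BtsSector": "north-3", "BtsMaxRate": "50000"},
    "00:04:56:CC:DD:02": {"BtsVlan": "220", "BtsSector": "east-1"},  # BtsMaxRate not set
}

# One shared profile: hypothetical vendor attribute -> custom attribute to read.
PROFILE = {
    "Vendor-VLAN-Id": "BtsVlan",
    "Vendor-Sector-Name": "BtsSector",
    "Vendor-Max-Rate-Kbps": "BtsMaxRate",
}

SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def normalize_mac(raw):
    """Accept 00-15-67-aa-bb-01, 0015.67aa.bb01 or 001567AABB01 style input."""
    digits = re.sub(r"[-:.]", "", raw.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def authorize(calling_station_id):
    """Return ("Access-Accept", reply_attrs) or ("Access-Reject", reason)."""
    try:
        mac = normalize_mac(calling_station_id)
    except ValueError as exc:
        return "Access-Reject", str(exc)
    custom = ENDPOINTS.get(mac)
    if custom is None:
        return "Access-Reject", f"unknown endpoint {mac}"
    reply = {}
    for vendor_attr, custom_name in PROFILE.items():
        value = custom.get(custom_name, "")
        # Fail closed: never send an empty or unexpected value to the device.
        if not SAFE_VALUE.fullmatch(value):
            return "Access-Reject", f"{mac}: missing or malformed {custom_name}"
        reply[vendor_attr] = value
    return "Access-Accept", reply

if __name__ == "__main__":
    for station in ("00-15-67-aa-bb-01", "0004.56cc.dd02", "001567AABB99"):
        print(station, "->", authorize(station))
```

Adding a device then means adding one endpoint record with its values, not another authorization profile.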