User Defined attributes for Radius in ISE 2.3

karandesai32
Level 1

Hello Community Members,

We are currently doing a POC of ISE 2.3 for Radius AAA. We are using AAA to authenticate and authorize Base Stations (BTS) and CPEs.

We have third-party vendor (Radwin, Cambium, mrotek, etc.) devices.

We have successfully achieved authentication and authorization for these devices by creating user-defined dictionaries and vendor-specific attributes. But now we have a requirement to send (push) multiple attribute values to the endpoints (BTS and CPEs) on the authentication and authorization of different devices, based on the MAC or S/N of the device.

We can create and define static values for these attributes, but the requirement is to push variable values of multiple attributes, so creating that many Authorization profiles doesn't seem a feasible option.

So can you please help us out with a solution for how to fetch the MAC address or serial number and use it to differentiate and assign different multiple values of attributes?

Hope you understand my query, and if not please ask your doubt and I will explain in detail.

Thanks for the help in advance.

Regards,

Karan.

Accepted Solutions

Craig Hyps
Level 10

You can define custom attributes in ISE which are applied to users or endpoints in the ISE database. You can then use these custom attributes to apply specific policy and return custom permissions. If the custom attribute itself contains the special value of the permission, say ACL or VLAN name or SGT, then you can often return this as a dynamic authorization. More info on this topic is offered in the BRKSEC-3697 session delivered at the last Cisco Live in Orlando (refer to Reference presentation): On-Demand Library - Cisco Live Global Events

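A small model of the approach described in the answer, added here as an illustration (it is not from the original posts and is not ISE code): one authorization profile whose vendor-specific values reference per-endpoint custom attributes, resolved by MAC address and encoded as RADIUS Vendor-Specific attributes. The endpoint table, attribute names, profile layout and the choice to reject when a referenced attribute is missing are assumptions; vendor ID 32473 is the enterprise number reserved for documentation.

```python
import re
import struct

EXAMPLE_VENDOR_ID = 32473  # IANA enterprise number reserved for documentation (RFC 5612)

# Constructed endpoint store: MAC -> custom attributes (all names are hypothetical).
ENDPOINTS = {
    "00:11:22:AA:BB:01": {"DeviceRole": "BTS", "VlanName": "BTS-MGMT", "RateProfile": "gold"},
    "00:11:22:AA:BB:02": {"DeviceRole": "CPE", "VlanName": "CPE-DATA"},
}

# One profile for every device: vendor sub-type -> literal or {CustomAttribute} reference.
PROFILE = {1: "{VlanName}", 2: "{RateProfile}", 3: "managed-by-aaa"}


def normalize_mac(raw):
    """Accept the separators seen in Calling-Station-Id and return AA:BB:CC:DD:EE:FF."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).upper()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def encode_vsa(vendor_id, vendor_type, value):
    """RFC 2865 section 5.26: Type 26, Length, Vendor-Id, then vendor type/length/value."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    if len(sub) + 6 > 255:
        raise ValueError("value too long for one attribute")
    return struct.pack("!BBI", 26, len(sub) + 6, vendor_id) + sub


def authorize(calling_station_id):
    """Return (decision, [encoded VSAs]); reject rather than send partial settings."""
    attrs = ENDPOINTS.get(normalize_mac(calling_station_id))
    if attrs is None:  # unknown device: no defaults are handed out
        return "Access-Reject", []
    vsas = []
    for vendor_type, template in sorted(PROFILE.items()):
        try:
            value = template.format(**attrs)
        except KeyError:  # referenced custom attribute not set on this endpoint
            return "Access-Reject", []
        vsas.append(encode_vsa(EXAMPLE_VENDOR_ID, vendor_type, value))
    return "Access-Accept", vsas
```

Adding a device or changing its values only touches the endpoint record; the single profile stays unchanged.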
