Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
470
Views
0
Helpful
1
Replies

Why does ISE not allow Reply-Message to be sent along with Access-Reject?

Go to solution
Arne Bier
VIP
VIP

‎10-29-2018 05:52 PM

hello

 

The RFC 2865 says that Reply-Message (attribute 18)  MAY be sent in Access-Accept and/or Reject - it's not mandatory of course, but I noticed that ISE 2.4 will allow me to configure both scenarios - but it will only send the attribute in the Access-Accept case, and not in the Reject case.  I would have thought the GUI might flag that as "not supported" or something along those lines.  It's a useful attribute to flag a reason code to the client (perhaps another Radius server) - this can be something cryptic like REASON-CODE 0x01 - only the remote end will understand it.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-29-2018 07:14 PM

CSCuo02920 is an existing enhancement on this. Please provide examples on what client or which RADIUS server needing this and how it consuming it.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-29-2018 07:14 PM

CSCuo02920 is an existing enhancement on this. Please provide examples on what client or which RADIUS server needing this and how it consuming it.

0 Helpful
Customers Also Viewed These Support Documents