cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4647
Views
17
Helpful
2
Replies
Explorer

Process Host Lookup in ISE

What is meant by "Process Host Lookup " in Allowed Protocol Service in cisco ISE? I am new to ISE and trying to understand authentication policies.

This is the link I was referencing:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_auth_pol.html#wp1121600

Thanks,

Kashish

Everyone's tags (1)
2 REPLIES 2
Highlighted
Participant

Process Host Lookup in ISE

Hello,

MAB is PAP...or you can optimize

RADIUS Access-Request

MAB as PAP · works with any RADIUS server ·  password = username Differentiates MAB Request MAB as "Host Lookup" ·  ACS/ISE optimization · no need for fake passwords

Highlighted
Cisco Employee

Process Host Lookup in ISE

Hi Kashish,

Process Host Lookup, this option suggest the radius server to check  Service-Type Call Check attribute in the radius access-request.

When the Process Host Lookup option is checked, ACS uses the System UserName attribute that was copied from the RADIUS User-Name attribute. When the Process Host Lookup option is not checked, ACS ignores the HostLookup field and uses the original value of the System UserName attribute for authentication and authorization. The request processing continues according to the message protocol; for example, according to the RADIUS User-Name and User-Password attributes for PAP.

When radius identifies a network access request with the call check attribute as Host Lookup (RADIUS::ServiceType = 10), radiussnauthenticates (validates) and authorizes the host by looking up the value in the Calling-Station-ID attribute (for example, the MAC address) in the configured identity store according to the authentication policy.

Jatin Katyal
- Do rate helpful posts -

~Jatin Katyal