What is meant by "Process Host Lookup " in Allowed Protocol Service in cisco ISE? I am new to ISE and trying to understand authentication policies.
This is the link I was referencing:
MAB is PAP...or you can optimize
MAB as PAP · works with any RADIUS server · password = username Differentiates MAB Request MAB as "Host Lookup" · ACS/ISE optimization · no need for fake passwords
Process Host Lookup, this option suggest the radius server to check Service-Type Call Check attribute in the radius access-request.
When the Process Host Lookup option is checked, ACS uses the System UserName attribute that was copied from the RADIUS User-Name attribute. When the Process Host Lookup option is not checked, ACS ignores the HostLookup field and uses the original value of the System UserName attribute for authentication and authorization. The request processing continues according to the message protocol; for example, according to the RADIUS User-Name and User-Password attributes for PAP.
When radius identifies a network access request with the call check attribute as Host Lookup (RADIUS::ServiceType = 10), radiussnauthenticates (validates) and authorizes the host by looking up the value in the Calling-Station-ID attribute (for example, the MAC address) in the configured identity store according to the authentication policy.
- Do rate helpful posts -