cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7355
Views
23
Helpful
2
Replies

Process Host Lookup in ISE

Kashish_Patel
Level 2
Level 2

What is meant by "Process Host Lookup " in Allowed Protocol Service in cisco ISE? I am new to ISE and trying to understand authentication policies.

This is the link I was referencing:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_auth_pol.html#wp1121600

Thanks,

Kashish

2 Replies 2

harvisin
Level 3
Level 3

Hello,

MAB is PAP...or you can optimize

RADIUS Access-Request

MAB as PAP · works with any RADIUS server ·  password = username Differentiates MAB Request MAB as "Host Lookup" ·  ACS/ISE optimization · no need for fake passwords

Jatin Katyal
Cisco Employee
Cisco Employee

Hi Kashish,

Process Host Lookup, this option suggest the radius server to check  Service-Type Call Check attribute in the radius access-request.

When the Process Host Lookup option is checked, ACS uses the System UserName attribute that was copied from the RADIUS User-Name attribute. When the Process Host Lookup option is not checked, ACS ignores the HostLookup field and uses the original value of the System UserName attribute for authentication and authorization. The request processing continues according to the message protocol; for example, according to the RADIUS User-Name and User-Password attributes for PAP.

When radius identifies a network access request with the call check attribute as Host Lookup (RADIUS::ServiceType = 10), radiussnauthenticates (validates) and authorizes the host by looking up the value in the Calling-Station-ID attribute (for example, the MAC address) in the configured identity store according to the authentication policy.

Jatin Katyal
- Do rate helpful posts -

~Jatin
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: