05-10-2012 08:33 AM - edited 02-21-2020 04:38 AM
What is meant by "Process Host Lookup" in the Allowed Protocols service in Cisco ISE? I am new to ISE and trying to understand authentication policies.
This is the link I was referencing:
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_auth_pol.html#wp1121600
Thanks,
Kashish
05-30-2013 06:41 AM
Hello,
MAB is PAP... or you can optimize

RADIUS Access-Request

MAB as PAP
· works with any RADIUS server
· password = username

Differentiates MAB Request

MAB as "Host Lookup"
· ACS/ISE optimization
· no need for fake passwords
05-31-2013 04:05 AM
Hi Kashish,
Process Host Lookup: this option suggests that the RADIUS server check the Service-Type Call Check attribute in the RADIUS Access-Request.
When the Process Host Lookup option is checked, ACS uses the System UserName attribute that was copied from the RADIUS User-Name attribute. When the Process Host Lookup option is not checked, ACS ignores the HostLookup field and uses the original value of the System UserName attribute for authentication and authorization. The request processing continues according to the message protocol; for example, according to the RADIUS User-Name and User-Password attributes for PAP.
When RADIUS identifies a network access request with the call check attribute as Host Lookup (RADIUS::ServiceType = 10), RADIUS authenticates (validates) and authorizes the host by looking up the value in the Calling-Station-ID attribute (for example, the MAC address) in the configured identity store according to the authentication policy.
Jatin Katyal
- Do rate helpful posts -
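The decision described in this thread, as an added example that is not part of the original posts and is not Cisco's code: a simplified Python model that parses a RADIUS Access-Request and picks the identity to look up depending on whether Process Host Lookup is checked. The function names, the `process_host_lookup` flag and the sample packet (MAC address, zeroed authenticator and password field) are constructed for illustration; the attribute numbers are from RFC 2865.

```python
import struct

# RADIUS attribute types (RFC 2865); Service-Type 10 is Call-Check
USER_NAME, USER_PASSWORD, SERVICE_TYPE, CALLING_STATION_ID = 1, 2, 6, 31
CALL_CHECK = 10

def parse_attributes(packet: bytes) -> dict:
    """Walk the type/length/value attributes of one RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20  # 4-byte header + 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def normalize_mac(raw: bytes) -> str:
    """Strip common separators and require exactly 12 hex digits."""
    digits = raw.decode("ascii").translate(str.maketrans("", "", "-:.")).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("Calling-Station-Id is not a MAC address")
    return digits

def classify(packet: bytes, process_host_lookup: bool) -> tuple:
    """Return (mode, identity to look up) for an Access-Request."""
    attrs = parse_attributes(packet)
    stype = attrs.get(SERVICE_TYPE, b"")
    call_check = len(stype) == 4 and struct.unpack("!I", stype)[0] == CALL_CHECK
    if process_host_lookup and call_check and CALLING_STATION_ID in attrs:
        return ("host-lookup", normalize_mac(attrs[CALLING_STATION_ID]))
    # Option unchecked, or not a Call-Check request: continue as PAP on User-Name
    return ("pap", attrs.get(USER_NAME, b"").decode("ascii", "replace"))

def build_request(pairs) -> bytes:
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in pairs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: a switch sending MAB with Service-Type = Call-Check
SAMPLE = build_request([(USER_NAME, b"001122aabbcc"), (USER_PASSWORD, bytes(16)),
                        (SERVICE_TYPE, struct.pack("!I", CALL_CHECK)),
                        (CALLING_STATION_ID, b"00-11-22-AA-BB-CC")])
```

Calling `classify(SAMPLE, True)` selects the normalized Calling-Station-Id for the identity-store lookup, while `classify(SAMPLE, False)` falls back to the User-Name as in ordinary PAP processing.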