Authentication Policy ISE with External RADIUS Server

Hi All,
I would like to authenticate clients by using an External RADIUS server. Once I create an authentication policy using the new compound condition (wireless dot1x + Radius Username Matches "domainB\"), I would like to forward the authentication of users who authenticate using domainB\username to the External RADIUS Server Sequence. But when I check the authentication dashboard, it still authenticates using the default authentication rule.

Please advise on this scenario.

Regards,

Sent from Cisco Technical Support Android App

Advocate

Authentication Policy ISE with External RADIUS Server

Hi,

Can you please post a screenshot of the authentication policy and the attributes from the monitoring report?

Tarik Admani
*Please rate helpful posts*

Authentication Policy ISE with External RADIUS Server

Hi, Tarik,

Please see screenshots of the authentication policy I have created.

Thanks,

Pongsatorn

Rising star

Authentication Policy ISE with External RADIUS Server

Can you please also share a copy of the authentication details for requests that do not match as expected?

This should also give some additional information.

Authentication Policy ISE with External RADIUS Server

Hi jrabinow,

Which details would you like to see?

Here is some information.

ISEs are deployed in 2 domains, "acme.com" and "sub.acme.com".

The domains do not have a trust relationship, so these 2 domains cannot communicate with each other.

Each domain has its own Enterprise Root CA (Microsoft).

Clients who need to access the network need to authenticate with EAP-TLS.

My environment

My ISE node is joined to domain "acme.com".

User will be "name1@acme.com"

Once the user from "name2@sub.acme.com" tries to authenticate, I would like to forward the RADIUS request from the ISEs (acme.com) to the other ISEs (sub.acme.com).

After the ISEs in "sub.acme.com" return RADIUS-ACCEPT, the ISEs in "acme.com" will process an authorization policy.

Regards,

Pongsatorn