I have to configure AAA on HP 6125 (c7000 enclosure) with ISE for SSH and TELNET access.
It works for TELNET but not for SSH.
Attributes sent in access-accept for TELNET are the following:
0 is for TELNET.
The problem is that SSH value is not available by default and you have to add it into the IETF dictionnary. I made it with Microsoft NPS and it works perfectly.
Unfortunatly it seems not possible with Cisco ISE. Please could you help me ?
Yes you are right.
I edited c:\windows\system32\ias\dnary.xml and add the following value to login-service attribute:
<StandardValue> <Name>ssh</Name> <Value>50</Value> </StandardValue>
Unfortunaly it is not possible to add this value in ISE.
As far as i can tell, we can't change the built-in dictionaries, so im not sure to do this. Also the value "50", is not a standard value for the Login-Service" IETF radius attribute according to IANA
Have you find any solution to your problem since 2 month ?
Because even if 50 is not standard, it's what the equipment need :-(
We use ISE for cisco devices and Microsoft NPS for HP devices.
ISE is configured as a radius proxy to simplify radius settings on HP and Cisco devices.