Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1045
Views
0
Helpful
6
Replies

ISE 2.2.0.470 - Radius

James Davies
Level 1
Level 1

‎04-20-2017 06:23 AM - edited ‎03-11-2019 12:38 AM

I am using my ISE for Device Administration, and its working fine, But we have some devices that use Radius, I cannot seem to figure out, where I allow this? I have added Network Devices that use Radius, enabled the Radius Key etc. I made a radius attempt from a radius device and nothing...

Under Allowed Protocols Services, you cant even add Radius as allowed protocol?

Help or sugesstions please?

Thanks

Labels:
0 Helpful
6 Replies 6

agrissimanis
Level 1
Level 1

‎04-21-2017 02:37 AM

RADIUS is the protocol that transports the credentials and facilitates the setup of secure network access, that is why you don't see it there.

For device admin authentication you will probably need to enable "Allow PAP/ASCII" under Authentication protocols.

Share more details about your Authentication and Authorization policies, devices that you are trying to configure, etc.

0 Helpful

James Davies
Level 1
Level 1
In response to agrissimanis

‎04-21-2017 04:02 AM

I am just using the "tacacs_Default" Policy, which works fine for TACACS.

I tried to create a new Policy Set, and set it too "default network access" and All ID stores.

Ill try the "allow PAP/ASCII" now

0 Helpful

James Davies
Level 1
Level 1
In response to agrissimanis

‎04-21-2017 04:11 AM

I am just using the "tacacs_Default" Policy, which works fine for TACACS.

I tried to create a new Policy Set, and set it too "default network access" and All ID stores.

Allow PAP/ASCII is enabled

0 Helpful

agrissimanis
Level 1
Level 1
In response to James Davies

‎04-21-2017 05:26 AM

OK, so what results exactly you are getting?

If you issue this from the device cli "test aaa group radius testuser testpassword legacy " what does the ISE live log show?

0 Helpful

James Davies
Level 1
Level 1
In response to agrissimanis

‎04-21-2017 05:36 AM

im not getting any results. I switch my F5 device (which is Radius) to point to my ISE, I can then no longer log in, and there is nothing showing on the ISE, its not a network issue as its in the same subnet...

there are no instructions anywhere to set Radius Device Access and TACACS.

0 Helpful

agrissimanis
Level 1
Level 1
In response to James Davies

‎04-21-2017 06:32 AM

Are you definitely pointing the F5 to ISE PSN for auth? Even if the device is unknown to ISE or a protocol is not allowed, you should see an entry in the live log

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents