Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
807
Views
0
Helpful
1
Replies

ISE Authentication condition to match RADIUS Administration sessions

Brett Verney
Level 1
Level 1

‎07-23-2017 07:58 PM - edited ‎03-11-2019 12:52 AM

Hi there,

I am deploying an ISE solution for a client who is using to authenticate a wide range of services. With the introduction of 'Device Administration Policy Sets', TACACs requests are handled and configured in a separate section. However RADIUS requests are still configured in the regular Policy Sets.

I have a seperate condition each to match wired and wireless RADIUS requests, however I am looking for a condition that matches device admin RADIUS requests, so I can handle the requests in their own policy set.

I am thinking I can match on something like:

RADIUS:NAS-Port-Type = Virtual
&
(Network Access:AuthenticationMethod = PAP_ASCII or CHAP/MD5)

But I just want to confirm that this will match all RADIUS admin requests, regardless of vendor or device type? Or is there a better way to do this?


Regards,

Brett

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Philip91
Level 1
Level 1

‎07-27-2017 12:03 AM

Hello,

Virtual is working with Cisco Devices for ssh

if you also want console authenticated use async.

Other devices haven´t been tested.

Greetings

Philip

0 Helpful
Customers Also Viewed These Support Documents