Hi,
I am looking at configuring an ISE server as a radius server.
I need to be able to match on internal users and allocate them to a specific authorization profile as some of the attributes are user-specific (static ip address, static routes) and some can be grouped together and applied via an authorization profile, i.e. VRF. basically some users have mutliple lines and they will be grouped together into their own VRF.
At the moment - I cannot see how it is possible to match against an internal users - I was hoping to use the 'user group's attribute configured when creating each user account. But, I am having trouble configuring ISE to accept this as an authorization condition, my syntax is something as follows:
Internal-User:User-group = 'user-group-name'
With the 'user-group-name' field being the actual value configured under the user account.
Does anyone have any experience with match on internal users, to be able to apply an authorization profile to them?
Best wishes
Mike