
802.1X With Port Radius NAS PORT Id Attribute Cisco ISE

meddane
Frequent Contributor

This document shows how to use the RADIUS NAS-Port-Id attribute (Port) in a compound condition to control access with 802.1X.

A user jdoe is allowed to access the network only through the physical port FastEthernet 0/1 of the switch and the user jwhite is allowed to access the network only through the physical port FastEthernet 0/2.

The compound conditions are as follows:

If ISE sees, in the RADIUS Access-Request sent by the switch, the RADIUS User-Name attribute (Subject) = jdoe AND the RADIUS NAS-Port-Id attribute (Port) = FastEthernet 0/1, then ISE applies the appropriate Authorization Profile. Otherwise ISE denies access; in other words, if the user jdoe is connected to another physical port, the ISE server blocks network access.

If ISE sees, in the RADIUS Access-Request sent by the switch, the RADIUS User-Name attribute (Subject) = jwhite AND the RADIUS NAS-Port-Id attribute (Port) = FastEthernet 0/2, then ISE applies the appropriate Authorization Profile.
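The two compound conditions above, modelled as an added Python example (not ISE's own logic and not part of the original document): it parses the User-Name and NAS-Port-Id attributes out of a constructed Access-Request and evaluates them with a default deny. The profile names, the helper names and the space-insensitive port comparison are assumptions made for this example.

```python
import struct

USER_NAME, NAS_PORT_ID = 1, 87  # RADIUS attribute types (RFC 2865, RFC 2869)

# Rule table mirroring the page's two conditions; profile names are hypothetical.
RULES = [
    ("jdoe", "FastEthernet 0/1", "Profile-jdoe"),
    ("jwhite", "FastEthernet 0/2", "Profile-jwhite"),
]

def build_access_request(user, port, ident=1):
    """Constructed sample input: minimal Access-Request (code 1), zeroed authenticator."""
    attrs = b""
    for typ, val in ((USER_NAME, user), (NAS_PORT_ID, port)):
        data = val.encode()
        attrs += bytes([typ, len(data) + 2]) + data
    return struct.pack("!BBH16s", 1, ident, 20 + len(attrs), bytes(16)) + attrs

def parse_attributes(packet):
    """Return {type: value} for the attribute TLVs that follow the 20-byte header."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, _ident, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if code != 1 or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        typ, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[typ] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def normalize_port(name):
    """Assumption: compare port names ignoring spaces and case."""
    return name.replace(" ", "").lower()

def authorize(packet):
    """Apply the first rule where user AND port both match; otherwise deny."""
    attrs = parse_attributes(packet)
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    port = normalize_port(attrs.get(NAS_PORT_ID, b"").decode(errors="replace"))
    for rule_user, rule_port, profile in RULES:
        if user == rule_user and port == normalize_port(rule_port):
            return profile
    return "DenyAccess"  # known user on the wrong port, unknown user, or no NAS-Port-Id
```

When testing the real policy, compare the NAS-Port-Id string shown in the ISE live log for the session with the value entered in the condition, since an exact-match condition depends on the string the switch actually sends.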
