This document describes a configuration example of Cisco Identity Services Engine (ISE) used for device administration of Cambium devices using the RADIUS protocol.
Cisco recommends that you have knowledge of these topics:
Basic knowledge of Device Administration
Fundamental knowledge of the RADIUS protocol
Familiarity with Cambium Devices
The information in this document is based on these software and hardware versions:
Cisco Identity Services Engine (ISE) 126.96.36.1997
Cambium Networks Canopy PMP 450i Wireless Broadband Access Point
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any configuration.
1. Add the Cambium device with its RADIUS secret key
2. Add the Cambium vendor to the RADIUS dictionary. Navigate to the path: Dictionary >> Radius >> Radius Vendors
3. Add the Cambium vendor attribute “Cambium-Canopy-UserLevel” with ID 50
4. Authorization Profile
Values for device administration are as follows:
5. Allowed Protocols:
6. Identity Sequence based on AD and Internal users
7. Policy Set
8. Authentication Policy
9. Authorization Policy
10. Cambium Device Configuration:
Please note that if you are using AD for user authentication, the Cambium device cannot be configured for EAP-MD5, because AD doesn't support that protocol.
In that case, device administration fails with the following error:
22043 Current Identity Store does not support the authentication method; Skipping it
The resolution is to configure the Cambium device for EAP-PEAP-MSCHAPv2 rather than EAP-MD5.
A working scenario should show the attributes below being sent from ISE to the Cambium device.
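To confirm that the vendor attribute from step 3 actually arrives in the Access-Accept, the attribute block from a packet capture can be decoded as below. This is an added example, not part of the original document or Cisco/Cambium code. It assumes vendor ID 17713 (use the value you entered in step 2), the standard RFC 2865 Vendor-Specific layout, and a 4-byte integer value; the sample bytes are constructed.

```python
import struct

VSA_TYPE = 26               # RADIUS Vendor-Specific attribute (RFC 2865, section 5.26)
CAMBIUM_VENDOR_ID = 17713   # assumption: replace with the vendor ID entered in step 2
USERLEVEL_ATTR_ID = 50      # Cambium-Canopy-UserLevel, from step 3


def iter_attributes(data):
    """Yield (type, value) for each type/length/value entry in an attribute block."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[pos + 2:pos + alen]
        pos += alen


def find_user_level(attrs, vendor_id=CAMBIUM_VENDOR_ID):
    """Return the UserLevel integer carried in the block, or None if it is absent."""
    for atype, value in iter_attributes(attrs):
        if atype != VSA_TYPE or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != vendor_id:
            continue
        # The vendor payload is itself a run of type/length/value sub-attributes.
        for sub_type, sub_value in iter_attributes(value[4:]):
            if sub_type == USERLEVEL_ATTR_ID and len(sub_value) == 4:  # assumed integer
                return struct.unpack("!I", sub_value)[0]
    return None


def build_vsa(vendor_id, sub_type, int_value):
    """Encode one integer sub-attribute inside a Vendor-Specific attribute."""
    sub = bytes([sub_type, 6]) + struct.pack("!I", int_value)
    return bytes([VSA_TYPE, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub


# Constructed samples: Reply-Message "ok", with and without the VSA (made-up level 3).
SAMPLE_WITHOUT_VSA = bytes([18, 4]) + b"ok"
SAMPLE_ACCEPT_ATTRS = SAMPLE_WITHOUT_VSA + build_vsa(
    CAMBIUM_VENDOR_ID, USERLEVEL_ATTR_ID, 3)

if __name__ == "__main__":
    print("with VSA:", find_user_level(SAMPLE_ACCEPT_ATTRS))
    print("without VSA:", find_user_level(SAMPLE_WITHOUT_VSA))
```

A result of `None` on a real capture means ISE authenticated the user but the authorization profile from step 4 did not attach the attribute, or it was sent under a different vendor ID.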