Use RADIUS for Device Administration with Cisco ISE server

1. To use the Internal Users identity source, create an account in the Cisco ISE local user database:

2. Add your device as a RADIUS client on the Cisco ISE server:

3. Create a new entry for the Digi device in the Vendors list:

4. Assign the Vendor ID, attribute and name:

5. Create a Network Device Profile and assign the appropriate RADIUS Dictionary for the Digi device.

6. Create an Authorization Profile and assign a value of "admin" to the RADIUS attribute Unix-FTP-Group-Names:

7. Create an Authentication and Authorization Policy for this local user account:

8. Add the RADIUS server IP address and password on the Digi device:

The configuration for RADIUS authentication is now complete.
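To confirm that the Authorization Profile actually returns the group attribute, a captured Access-Accept can be checked offline. The following is an added example, not Digi or Cisco code: it verifies the RFC 2865 Response Authenticator against the shared secret and extracts vendor-specific attributes. `VENDOR_ID` and `GROUP_ATTR` are placeholders for the values entered in the ISE dictionary, the secret and packet are constructed, and the vendor attribute is assumed to use the standard RFC 2865 sub-attribute layout.

```python
import hashlib, hmac, struct

ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26   # RFC 2865 packet code / attribute type
VENDOR_ID, GROUP_ATTR = 99999, 1         # placeholders: use your ISE dictionary values

def vsa(vendor_id, vtype, value):
    """Encode one Vendor-Specific attribute holding a single sub-attribute."""
    body = struct.pack("!I", vendor_id) + bytes([vtype, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def build_accept(ident, req_auth, secret, attrs):
    """Build a constructed Access-Accept, signed the way a RADIUS server signs it."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def check_accept(packet, req_auth, secret):
    """Verify the Response Authenticator, then return {(vendor, type): value}."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]
    # MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    found, pos = {}, 20
    while pos < length:
        hdr = packet[pos:pos + 2]
        if len(hdr) < 2 or hdr[1] < 2 or pos + hdr[1] > length:
            raise ValueError("malformed attribute")
        end = pos + hdr[1]
        if hdr[0] == VENDOR_SPECIFIC and hdr[1] >= 8:
            vendor = struct.unpack("!I", packet[pos + 2:pos + 6])[0]
            sub = pos + 6
            while sub + 2 <= end and packet[sub + 1] >= 2:
                found[(vendor, packet[sub])] = packet[sub + 2:min(sub + packet[sub + 1], end)]
                sub += packet[sub + 1]
        pos = end
    return found

def demo():
    secret, req_auth = b"constructed-secret", bytes(range(16))  # constructed sample values
    pkt = build_accept(7, req_auth, secret, vsa(VENDOR_ID, GROUP_ATTR, b"admin"))
    return check_accept(pkt, req_auth, secret)

if __name__ == "__main__":
    print(demo())
```

A mismatch error here usually means the shared secret on the device differs from the one configured for the RADIUS client entry in ISE.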
Below are extra configuration steps to use a Windows LDAP Active Directory (AD) server as an external identity source.

1. Add a connection to the Windows Active Directory (AD) server:

2. Add the groups that you wish to use for authorization:

3. Create a Policy Set for LDAP AD authentication:

4. Create an Authentication Policy and set up AD as an external source for authentication:

5. Create an Authorization Policy to point to the right AD security group for authorization:

6. Do not forget to add the user's account to this security group on the Windows server:

The configuration is now complete and authentication using RADIUS with LDAP via Windows Active Directory is operational.

Below is an example log output with a successful authentication and authorization on the Cisco ISE server:

 






 
Last updated: Sep 01, 2021
