Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5482
Views
6
Helpful
4
Replies

Huawei AAA Radius device administration with cisco ISE

Go to solution
waqas.suneel
Level 1
Level 1

‎08-10-2017 01:47 AM

Hello

I was wondering that if its possible to perform authentication, authorization and accounting of Huawei switches using AAA Radius. I have successfully done authentication and authorization using TACACS but I want to implement it using AAA Radius. Any guidance would be appreciated.

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
Sean
Level 1
Level 1

‎08-12-2017 08:13 AM

I did a step-by-step write up on using ISE as a RADIUS server for device management with AD credentials.

Cisco ISE: Device Administration with AD Credentials using RADIUS – WiFi Workshop

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Arne Bier
VIP
VIP

‎08-10-2017 04:10 PM

Wouldn't that be something you'd find in a Huawei device configuration guide?  ISE will behave like any other Radius server at that point

0 Helpful

Go to solution
B. BELHADJ
Level 4
Level 4

‎08-11-2017 06:36 AM

Hi Suneel Waqas

As said by Arne Bier, you have to search in first time the different attributes to be used by Huawei devices if they don't use RADIUS IETF RFC2856 attributes.

From ISE side you have to configure the following:

1. Add the device in the appropriate group.

2. Create new allowed protocols based on the vendor guides. Policy ==> Policy Elements ==> Authentication ==> Allowed Protocols.

3. Create a new authorization Profile: Policy ==> Policy Elements ==> Results (If you are using ISE 2.3) ==> Authorization ==> Authorization Profiles.

// If you are using ISE 2.2 you have to enable the Policy Sets from Administration ==> Settings)

// The Authorization Profile must contains the Vendror Specific Attribute (Huawei) or Standard Attributes.

4.  Create a new Policy Set in Policy ==> Policy Sets

a. Choose your Conditions and Choose the Allowed Protocols previously created in the Step 2.

b. The authentication Policy is not mandatory if you have added the appropriate conditions in the step 2.

c. Create an Athorization Policy and add the conditions and add the Authorization Profile previously created in the Step 3 as Results Profiles

Please don't hesitate if you need any further information.

Best regards

0 Helpful

Go to solution
Sean
Level 1
Level 1

‎08-12-2017 08:13 AM

I did a step-by-step write up on using ISE as a RADIUS server for device management with AD credentials.

Cisco ISE: Device Administration with AD Credentials using RADIUS – WiFi Workshop

0 Helpful

Go to solution
fernando vila
Level 1
Level 1
In response to Sean

‎04-26-2024 07:34 AM

Hi Sean the link don´t work. Do you have a new one? 

0 Helpful
Customers Also Viewed These Support Documents