cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1570
Views
3
Helpful
3
Replies

WSA External Authentication Service Type

scamarda
Cisco Employee
Cisco Employee

I am setting up my WSA to use ISE as an external authentication method.  I have several other Cisco devices using ISE for Device Administration (RADIUS, not TACACS).  The routers and switches set their service type as Login.  The WSA sets its service type as      134217728.  I'd rather not create another Top Level Entry in my policy sets to handle the WSA.  I am looking to create a compound condition with a Boolean OR for the devices.  I can select RADIUS service type virtual for the routers and switched but I cannot enter 134217728 as a valid service type.  I only get the system provided drop downs.

Is is possible to add this to the existing RADIUS> Service Type dictionary or can I create my own dictionary with the service type of      134217728?

I know I can key on other attributes but I would like to use other attributes that come from the machine logins.

Regards.

Sam

1 Accepted Solution

Accepted Solutions

howon
Cisco Employee
Cisco Employee

Currently, the RADIUS-IETF dictionary cannot be modified. You could try creating a NDG with WSAs, and then craft a policy set condition that reads NDG = WSA or Service-Type = Login to satisfy both in a single policy set.

View solution in original post

3 Replies 3

howon
Cisco Employee
Cisco Employee

Currently, the RADIUS-IETF dictionary cannot be modified. You could try creating a NDG with WSAs, and then craft a policy set condition that reads NDG = WSA or Service-Type = Login to satisfy both in a single policy set.

Thanks Hosuk.  The customer ended up going with NDG configuration.  As an FYI, the WSA sends a Service-Type value of 134217728, not Login.

Do you know if WSA can use TACACS+ as external authentication service in the latest version?

 

thanks. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: