Multiple Radius Instances ?

SOLVED
Jickfoo_
Super Contributor

I have several different platforms from 2 different companies and I want them all to use the UAC as a Radius Box.

The question is, how do I differentiate which policies these devices access?

The only thing I can think of is to have the UAC listen on multiple IP addresses and somehow try to create unique sign-in policies based on these IPs. I've been trying to do this without much luck.


If anyone is doing this could you please point me in the right direction? Thanks.

1 ACCEPTED SOLUTION

Raheel_
Occasional Contributor

Re: Multiple Radius Instances ?

Yes, I believe creating a different sign-in policy per company will work. You could then create a different user realm per company and assign the specific company's user realm to the specific sign-in policy. This allows a specific company to sign in using a specific sign-in URL. From each company user realm's role mapping policy, you could then assign a different role to differentiate users, i.e. a 'juniper' role for juniper users. Then company-specific policies will be assigned to this company-specific role.

You could also create multiple location groups and then assign the sign-in policy to the location group, and assign the RADIUS client to the company's specific location group. Please note that a RADIUS client can only be assigned to one location group. Hence the RADIUS client can only be utilized for one company. You could not share the RADIUS client among companies.

thanks

Raheel Anwar

5 REPLIES 5
ManojReddy_
Contributor

Re: Multiple Radius Instances ?

You can do this without making the UAC listen on multiple IP addresses:

  • create multiple location groups and multiple sign-in policies (and realms, roles, RADIUS attribute policies for roles too)
  • attach each location group to a different sign-in URL (make sure you select the required auth protocols for each sign-in URL)
  • add each device from your several platforms as a RADIUS client in a different location group (or the way you want it to be).

Boom, you are done!!

I hope you know the rest.

Raheel_
Occasional Contributor

Re: Multiple Radius Instances ?

Also, in this particular case you would need to have different roles so that different policies can be applied. We could still share the same switch among companies and utilize different user realms to differentiate companies. Utilizing the OAC client as supplicant will prompt the user to select a realm during authentication. Third-party supplicants would need to append the realm name in the username.

Jickfoo_
Super Contributor

Re: Multiple Radius Instances ?

Thanks,

Our problem, though, is that we have 2 distinct companies on one NAS. So if we define the location group by source IP, both companies will go to the same location group and have to rifle through 2 distinct LDAP databases. We can't define 2 IPs on the NAS and separate off the requests.

So given that, is our situation OK? Multiple virtual ports? Is there a better way?

Thanks,

Justin

Jickfoo_
Super Contributor

Re: Multiple Radius Instances ?

I just read your posts again and I think I answered my own question. We are going to use multiple IPs. I think we'll only need a few. I'd consider having the users choose a realm, but my users would find it annoying (much like I find them annoying).

Thanks very much for your help.

Justin