Forum Discussion
JStyx_213207
Nimbostratus
NimbostratusLoad Balancing RADIUS - Cisco ISE
Hi All,
Trying to load balance RADIUS requests for Cisco ISE.
Using This Guide the iRule that is suggested is returning an error:
01070151:3: Rule [/Common/test_radius] error: /Common/test_rad...
Andrew_Husking
Cirrus
CirrusSeem to be missing a few comment markers, try below
# ISE persistence iRule based on Calling-Station-Id (MAC Address) with fallback to NASIP-Addressas persistence identifier
when CLIENT_DATA {
#0: No Debug Logging 1: Debug Logging
set debug 0
#Persist timeout (seconds)
set nas_port_type [RADIUS::avp 61 "integer"]
if {$nas_port_type equals "19"}{
set persist_ttl 3600
if {$debug} {set access_media "Wireless"}
} else {
set persist_ttl 28800
if {$debug} {set access_media "Wired"}
}
#If MAC address is present - use it as persistent identifier
#See Radius AV Pair documentation on
if {[RADIUS::avp 31] ne "" }{
set mac [RADIUS::avp 31 "string"]
# Normalize MAC address to upper case
set mac_up [string toupper $mac]
persist uie $mac_up $persist_ttl
if {$debug} {
set target [persist lookup uie $mac_up]
log local0.alert "Username=[RADIUS::avp 1] MAC=$mac Normal MAC=$mac_up MEDIA=$access_media TARGET=$target"
}
} else {
set nas_ip [RADIUS::avp 4 ip4]
persist uie $nas_ip $persist_ttl
if {$debug} {
set target [persist lookup uie $nas_ip]
log local0.alert "No MAC Address found - Using NAS IP as persist id. Username=[RADIUS::avp 1] NAS IP=$nas_ip MEDIA=$access_media TARGET=$target"
}
}
}
