Is anyone otu there successfully using Cisco ISE as an eduroam ORPS?. I believe there were issues with ISE and eduroam due to both Radius Proxy and Realm stripping not being supported, but these seem to be resolved. can anyone comment either way?
Hi Matt, have you tried asking your question on the janet-roaming@jiscmail.ac.uk list? I am aware that two members have indicated that they are using ISE and they appear to be working just fine. I'll e-mail you directly to enable peer contact.
Ed
Sorry for the late replay getting back to the email on this, been a busy few weeks. We actuly use both ISE and Windows NPS. So are still in the process of migrating fully and to be truthful I still only use the Windows NPS to proxy to janet.
That being said I am intending over the next few weeks to migrate complely so I will keep you updated on my progress.
Submitted by Aaron Street on Thu, 2014-02-06 17:32
I am struggling to get ISE to accept incoming proxy requests from janets servers. When I spoke to CISCO engineer he was not sure and is going away to look, so not sure if this is an oversight on my part or an issue with ISE. I see the packets come in through the firewall and out the correct interface towards ISE server, but it has no logs or knowledge of them it seems.
Does any one have the basic set up working authenticating users from home and visited sites? Other wise its waiting for CISCO to get back to me.
Cheers
Submitted by Aaron Street on Thu, 2014-02-27 09:54
Answers
Hi Matt, have you tried asking your question on the janet-roaming@jiscmail.ac.uk list? I am aware that two members have indicated that they are using ISE and they appear to be working just fine. I'll e-mail you directly to enable peer contact.
Ed
Hi,
Sorry for the late replay getting back to the email on this, been a busy few weeks. We actuly use both ISE and Windows NPS. So are still in the process of migrating fully and to be truthful I still only use the Windows NPS to proxy to janet.
That being said I am intending over the next few weeks to migrate complely so I will keep you updated on my progress.
Hi Aaron,
Thanks for getting back to me, sorry for the delay the Janet site doesnt seem to prompt me when i get replies..
Yes I'd be really interested to find out how you get on, do keep in touch.
Maybe email would be better, matt.mckenna@kcl.ac.uk
cheers
I am struggling to get ISE to accept incoming proxy requests from janets servers. When I spoke to CISCO engineer he was not sure and is going away to look, so not sure if this is an oversight on my part or an issue with ISE. I see the packets come in through the firewall and out the correct interface towards ISE server, but it has no logs or knowledge of them it seems.
Does any one have the basic set up working authenticating users from home and visited sites? Other wise its waiting for CISCO to get back to me.
Cheers