- Read Me First
- Overview of ISG
- Configuring ISG Control Policies
- Configuring ISG Access for PPP Sessions
- Configuring ISG Access for IP Subscriber Sessions
- Configuring ISG IPv6 Support
- Configuring MQC Support for IP Sessions
- Configuring ISG Port-Bundle Host Key
- Configuring ISG as a RADIUS Proxy
- Configuring ISG as a RADIUS Proxy in Passthrough Mode
- ISG RADIUS Proxy Support for Mobile Users—Hotspot Roaming and Accounting Start Filtering
- Walk-By User Support in ISG
- ISG L2 Subscriber Roaming
- Configuring RADIUS-Based Policing
- Overview for Framed Route
- ISG Dynamic VLAN Interface Provisioning
- Ambiguous VLAN Support for IP sessions over ISG
- Configuring ISG Policies for Automatic Subscriber Logon
- Configuring DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon
- Enabling ISG to Interact with External Policy Servers
- Configuring ISG Subscriber Services
- Configuring ISG Network Forwarding Policies
- Configuring ISG Accounting
- Configuring ISG Support for Prepaid Billing
- Configuring ISG Policies for Session Maintenance
- Redirecting Subscriber Traffic Using ISG Layer 4 Redirect
- Configuring Layer 4 Redirect Logging
- Configuring ISG Policies for Regulating Network Access
- Configuring ISG Integration with SCE
- Service Gateway Interface
- ISG MIB
- ISG SSO and ISSU
- ISG Debuggability
- Troubleshooting ISG with Session Monitoring and Distributed Conditional Debugging
- Configuring ISG Troubleshooting Enhancements
- Gx Diameter Support for ISG sessions
- Gx Diameter Monitoring and Reporting
- DHCPv6 Support for ISG
Intelligent Services Gateway Configuration Guide, Cisco IOS XE Fuji 16.7.x
- Updated:
- April 5, 2018
Chapter: Configuring ISG as a RADIUS Proxy in Passthrough Mode
- Finding Feature Information
- Prerequisites for Configuring ISG as a RADIUS Proxy in Passthrough Mode
- Restrictions for Configuring ISG as a RADIUS Proxy in Passthrough Mode
- Information About Configuring ISG as a RADIUS Proxy in Passthrough Mode
- How to Configure ISG as a RADIUS Proxy in Passthrough Mode
- Configuration Examples for Configuring ISG as RADIUS Proxy in Passthrough Mode
- Additional References for ISG as RADIUS Proxy in Passthrough Mode
- Feature Information for Configuring ISG as a RADIUS Proxy in Passthrough Mode
Configuring ISG as
a RADIUS Proxy in Passthrough Mode
Configuring ISG as a RADIUS Proxy in Passthrough Mode allows the Cisco Intelligent Services Gateway (ISG) acting as a RADIUS Proxy to direct all the RADIUS traffic from the client to the RADIUS server, without creating an ISG session.
This module describes how to configure ISG in RADIUS Proxy passthrough mode.
- Finding Feature Information
- Prerequisites for Configuring ISG as a RADIUS Proxy in Passthrough Mode
- Restrictions for Configuring ISG as a RADIUS Proxy in Passthrough Mode
- Information About Configuring ISG as a RADIUS Proxy in Passthrough Mode
- How to Configure ISG as a RADIUS Proxy in Passthrough Mode
- Configuration Examples for Configuring ISG as RADIUS Proxy in Passthrough Mode
- Additional References for ISG as RADIUS Proxy in Passthrough Mode
- Feature Information for Configuring ISG as a RADIUS Proxy in Passthrough Mode
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Configuring ISG as a RADIUS Proxy in Passthrough Mode
Restrictions for Configuring ISG as a RADIUS Proxy in Passthrough Mode
Information About Configuring ISG as a RADIUS Proxy in Passthrough Mode
ISG Acting as a RADIUS Proxy Passthrough
The RADIUS proxy module of the Cisco ISG can be run in the passthrough mode to proxy the client's RADIUS traffic. This improves manageability. The RADIUS Proxy passthrough mode can be configured in two ways:
-
Global level: You can enable RADIUS proxy passthrough globally by configuring the mode pass-through command in the ISG RADIUS proxy server configuration mode. This causes all the clients configured after this command to be in RADIUS Proxy passthrough mode.
-
Client level: You can enable RADIUS proxy passthrough at the client level by configuring the mode pass-through command for a specific client in the RADIUS proxy client configuration mode. 
Note
The ISG interface can also be configured for dual initiators where one initiator can be RADIUS proxy and the other non-RADIUS proxy. When a specified ISG interface having dual initiators receives the non-RADIUS proxy trigger, ISG creates a session for the client. However, if this interface has a client configured to be in RADIUS proxy pass-through mode, it does not create a session when the RADIUS proxy trigger is received. Both these scenarios can co-exist on the same ISG interface.
The RADIUS proxy configuration allows you to configure the accounting method list which specifies the AAA server to which the accounting start, interim and stop records are forwarded. This can be done at both the client level and the global level.
Benefits of Using ISG in RADIUS Proxy Passthrough Mode
How to Configure ISG as a RADIUS Proxy in Passthrough Mode
Enabling RADIUS Proxy Passthrough mode at Global Level
Perform this task to enable the RADIUS proxy passthrough mode globally.
1. enable
2. configure terminal
3. aaa new-model
4. aaa server radius proxy
5. mode pass-through
6. key [0 | 7] word
7. accounting method-list {method-list-name | default}
8. authentication method-list {method-list-name | default}
9. authentication port port-number
10. accounting port port-number
11. client {name | ip-address} [subnet-mask [vrfvrf-id]]
12. end
DETAILED STEPS
Enabling RADIUS Proxy Passthrough mode at Client Level
Perform this task to enable the RADIUS proxy passthrough mode for an individual client.
1. enable
2. configure terminal
3. aaa new-model
4. aaa server radius proxy
5. client {name | ip-address} [subnet-mask [vrfvrf-id]]
6. mode pass-through
7. key [0 | 7] word
8. accounting method-list {method-list-name | default}
9. authentication method-list {method-list-name | default}
10. authentication port port-number
11. accounting port port-number
12. end
DETAILED STEPS
Verifying ISG RADIUS Proxy Passthrough Sessions
1. enable
2. show radius-proxy statistics
3. end
DETAILED STEPS
Clearing ISG RADIUS Proxy Statistics
1. enable
2. clear radius-proxy statistics
3. end
DETAILED STEPS
| Command or Action | Purpose |
|---|
Configuration Examples for Configuring ISG as RADIUS Proxy in Passthrough Mode
Example: Configuring Radius Proxy Passthrough Mode
The following example shows how to configure ISG as a RADIUS Proxy passthrough where the interface is configured with dual initiators. Here, an ISG session is not created for the client 10.0.0.2 as it is in passthrough mode whereas a session is created for the client 12.0.0.2 as session creation is triggered by the RADIUS proxy initiator.
aaa server radius proxy message-authenticator ignore ! client 10.0.0.2 mode pass-through key radprxykey accounting method-list SVC_ACCT authentication port 1645 accounting port 1646 client 12.0.0.2 key radprxykey accounting method-list SVC_ACCT authentication method-list SVC_ACCT authentication port 1647 accounting port 1648
Example: Verifying Radius Proxy Passthrough Mode
Use the show radius-proxy statistics command to verify that ISG is functioning in RADIUS proxy passthrough mode.
The following is a sample output from the show radius-proxy statistics command, showing information for both passthrough and non-passthrough clients.
Device#show radius-proxy statistics NON-PASSTHROUGH CLIENTS FROM: Client ISG AAA Access Requests: 0 0 0 Access Accepts: 0 0 0 Access Rejects: 0 0 0 Access Challenges 0 0 0 Accounting Requests 0 0 0 Accounting Starts 0 0 0 Accounting Stops 0 0 0 Accounting Updates 0 0 0 Accounting Responses 0 0 0 Accounting ON/OFFS 0 0 0 PASSTHROUGH CLIENTS FROM: Client ISG AAA Access Requests: 48000 48000 0 Access Accepts: 0 48000 48000 Access Rejects: 0 0 0 Access Challenges 0 0 0 Accounting Requests 80000 80000 0 Accounting Starts 80000 0 0 Accounting Stops 0 0 0 Accounting Updates 0 0 0 Accounting Responses 0 0 80000 Accounting ON/OFFS 0 0 0
Additional References for ISG as RADIUS Proxy in Passthrough Mode
Related Documents
|
Related Topic |
Document Title |
|---|---|
|
Cisco IOS commands |
|
|
ISG commands |
|
|
ISG as RADIUS Proxy |
"Configuring ISG as a RADIUS Proxy" module in the Intelligent Services Gateway Configuration Guide |
|
RADIUS configurations |
"Configuring RADIUS" module in the RADIUS Configuration Guide |
|
ISG Subscriber Service configurations |
"Configuring ISG Subscriber Services" module in the Intelligent Services Gateway Configuration Guide |
|
Command Lookup Tool |
Technical Assistance
| Description | Link |
|---|---|
|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Feature Information for Configuring ISG as a RADIUS Proxy in Passthrough Mode
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.|
Feature Name |
Releases |
Feature Information |
|---|---|---|
|
Configuring ISG as a RADIUS Proxy in Passthrough Mode |
Configuring the ISG as a RADIUS Proxy in Passthrough Mode allows the Cisco Intelligent Services Gateway (ISG) acting as a RADIUS Proxy to direct all the RADIUS traffic from the client to the RADIUS server, without creating an ISG session. The following commands were introduced: mode pass-thru and authentication method-list list-authen. |
Feedback