This section shows how to configure IPV6 for Authentication Manager using RADIUS.
Configure Cisco ISE IPV6
Perform these steps to configure Cisco ISE IPV6.
By default, all ISE interfaces have the IPV6 address option enabled. If you do not plan to use IPV6, you should disable this option by issuing the commands no ipv6 address autoconfig and/or no ipv6 enable where applicable. You can use the show run command to verify which interfaces have IPV6 enabled.
The configuration considers cisco ISE is already configured with IPv4 addressing.
Enable Cisco ISE for IPV6 on the interface that handles the authentication requests or send them from:
XAPACISE01/admin# configure terminal Enter configuration commands, one per line. End with CNTL/Z. XAPACISE01/admin(config)# interface gigabitEthernet XAPACISE01/admin(config-GigabitEthernet)# ipv6 enable XAPACISE01/admin(config-GigabitEthernet)# ipv6 address 2002:db8:85a3::8a2e:370:7337/64 % Changing the IP address might cause ise services to restart Continue with IP address change? Y/N [N]: Y
Go to Administration > External RADIUS Servers and add the RSA SecurID Authentication manager as an External RADIUS Server.
Configure the RADIUS Sequence and add this server inside it.
Go to Administration > Network Devices List and Configure the IP and the RADIUS UDP settings as per below and Add the RADIUS client that is expected to connect to ISE over IPV6.
Apply this to the Policy as a Proxy RADIUS requests, Go to the policy sets and use the sequence created in Step 3 as shown in the image.
Configure Authentication Manager IPV6
Perform these steps to configure Authentication Manager IPV6.
Access the Operations Console and go to Administration > Network > Appliance Network Settings and Enable IPV6 and enter the details.
Go to Security Console > RADIUS > RADIUS clients and add the RADIUS Client.
Click Save & Create Associated Agent to create an RSA agent for this RADIUS client.