Cisco Switch Configuration for ISE
Switch Configuration
- Example configuration used
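```
conf t
! Requires AAA to be enabled already (aaa new-model)
! Define the ISE node as a RADIUS server; the key (example value shown)
! must match the shared secret entered in ISE
radius server ISE_RADIUS
 address ipv4 10.0.30.40 auth-port 1645 acct-port 1646
 key Temp1234!@#$
 exit
! Server group referenced by the method lists below
aaa group server radius ISE
 server name ISE_RADIUS
 ip radius source-interface vlan 30
 exit
! 802.1X authentication, network authorization and exec authorization through ISE
aaa authentication dot1x default group ISE
aaa authorization network default group ISE
aaa authorization exec default group ISE local if-authenticated
! Interim accounting updates every 3 minutes, and 802.1X accounting to ISE
aaa accounting update periodic 3
aaa accounting dot1x default start-stop group ISE
! Accept Change of Authorization (CoA) requests from ISE
aaa server radius dynamic-author
 client 10.0.30.40 server-key Temp1234!@#$
! Send Service-Type (6), Framed-IP-Address (8) and Class (25) in RADIUS requests
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
end
```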
Explanation
- Explain commands

ISE Configuration

- Add in the name, description, IP address, Device profile, Model name, Software version.
- Enable the RADIUS Authentication Settings and enter the shared secret (the same key configured on the switch), then click Submit to add the switch.

- To verify, after you click Submit the device is listed under the Network Devices section.

Authorization Profile

Policy Set

Verification
- On the switch you can issue:
```
show cdp neighbor
show authentication session
show aaa server
```
- In the ISE GUI you can review the live session and logs under the RADIUS section in Operations:

Troubleshooting
- No authentication sessions are showing on the network device.

- Run an authentication test using the network device and review the logs in ISE.
- Verify the aaa server configuration

```
test aaa group radius test-user test-password new-code
```
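For the "Verify the aaa server configuration" step, the cross-references in the switch configuration can also be checked offline. This is an added example, not part of the original post or of any Cisco tooling. It assumes, as in the example configuration on this page, that the CoA client is the same ISE node as the RADIUS server and shares its key; the function name and the sample keys are hypothetical.

```python
import re

BUILTIN_GROUPS = {"radius", "tacacs+"}  # server groups IOS defines implicitly

def audit_ise_aaa(config):
    """Return consistency findings for the RADIUS/CoA parts of IOS config text."""
    servers, groups, coa, used = {}, {}, {}, set()
    kind, cur = None, None  # config sub-mode being parsed and the record it fills
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"radius server (\S+)$", line):
            kind, cur = "server", servers.setdefault(m[1], {})
        elif m := re.match(r"aaa group server radius (\S+)$", line):
            kind, cur = "group", groups.setdefault(m[1], [])
        elif line == "aaa server radius dynamic-author":
            kind, cur = "coa", coa
        elif re.match(r"aaa (authentication|authorization|accounting) ", line):
            used.update(re.findall(r"\bgroup (\S+)", line))
        elif kind == "server" and (m := re.match(r"address ipv4 (\S+)", line)):
            cur["addr"] = m[1]
        elif kind == "server" and (m := re.match(r"key (?:0 )?(\S+)$", line)):
            cur["key"] = m[1]  # cleartext only; encrypted key forms are not compared
        elif kind == "group" and (m := re.match(r"server name (\S+)$", line)):
            cur.append(m[1])
        elif kind == "coa" and (m := re.match(r"client (\S+) server-key (?:0 )?(\S+)$", line)):
            cur[m[1]] = m[2]
    findings = [f"method list uses undefined server group '{g}'"
                for g in sorted(used - BUILTIN_GROUPS - set(groups))]
    findings += [f"group '{g}' references undefined radius server '{n}'"
                 for g, names in groups.items() for n in names if n not in servers]
    by_addr = {s.get("addr"): s for s in servers.values()}
    for ip, key in coa.items():
        if ip not in by_addr:
            findings.append(f"CoA client {ip} is not a configured RADIUS server")
        elif by_addr[ip].get("key") not in (None, key):
            findings.append(f"CoA server-key for {ip} differs from the RADIUS key")
    return findings

# Constructed sample (placeholder keys); the CoA key deliberately differs.
SAMPLE = """\
radius server ISE_RADIUS
 address ipv4 10.0.30.40 auth-port 1645 acct-port 1646
 key ExampleKey1
aaa group server radius ISE
 server name ISE_RADIUS
aaa authentication dot1x default group ISE
aaa server radius dynamic-author
 client 10.0.30.40 server-key ExampleKey2
"""
print(audit_ise_aaa(SAMPLE))
```

An empty list means the server, group, method-list and CoA entries agree with each other; it says nothing about whether ISE holds the same secret, which the `test aaa` command above exercises.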

- In ISE GUI:

Verify NTP is matching for Logs
- Verify the NTP server matches on all devices.
Cisco Switch:

ISE Server:
