https://community.cisco.com/t5/network-access-control/switch-server-radius-config-post-sp-node-addition/m-p/5022520#M587549 <P>To add context, the encrypted key as viewed on the NAD is different for each ISE node configured (primary and secondary respectively), i.e. switch1 has an encrypted key for ISE1 and an encrypted key for ISE2. When reviewing the ISE configuration via the GUI, a singular RADIUS key exists. Yet, both encrypted keys utilise two different hashes, those same hashed keys are configured identically across different switching infrastructure. Is this simply a case that the key (and password) has been hashed twice, and applied on multiple NADs?</P><P>&nbsp;</P> Thu, 22 Feb 2024 08:08:17 GMT aavnet89 2024-02-22T08:08:17Z https://community.cisco.com/t5/network-access-control/switch-server-radius-config-post-sp-node-addition/m-p/5021283#M587474 <P>Good morning, good afternoon, good evening,</P><P>I am currently in the process of adding an additional Service Policy Node at a branch office, providing first response authentication, locally to site. This node is adopted and syncronising within the distrubted deployment.</P><P>Current switch configuration has the IP and ports of both the primary and secondary ISE nodes, with a seperate encrypted key for each configured responding RADIUS node. I wish to add the third SPN to the configuration, with an encrypted key. My question: <STRONG>Where in the ISE GUI can I add an *additional* RADIUS secret key on an already configured NAD?</STRONG></P><P>Example config:</P><P><BR />radius server ISE1<BR />address ipv4 1.1.1.1 auth-port 1645 acct-port 1646<BR />key 7 DSDSHJDJKSHAKDKSHKDLKHSAKLDASD</P><P>radius server ISE2<BR />address ipv4 2.2.2.2 auth-port 1645 acct-port 1646<BR />key 7 DSLKJUDJSALKDJSAJDLKi823797239871DS</P><P><BR />radius server NEW-ISE3<BR />address ipv4 3.3.3.3 auth-port 1656 acct-port 1646<BR /><STRONG>key 7 ENTERNEWKEYHERE *add to ISE*</STRONG></P><P>With thanks, in advance,</P><P>Alex</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 20 Feb 2024 14:14:37 GMT https://community.cisco.com/t5/network-access-control/switch-server-radius-config-post-sp-node-addition/m-p/5021283#M587474 aavnet89 2024-02-20T14:14:37Z https://community.cisco.com/t5/network-access-control/switch-server-radius-config-post-sp-node-addition/m-p/5021389#M587484 <P>Why not just use the same key?&nbsp; ISE supports up to two different keys for the same NAD but not three.</P> Tue, 20 Feb 2024 17:05:42 GMT https://community.cisco.com/t5/network-access-control/switch-server-radius-config-post-sp-node-addition/m-p/5021389#M587484 ahollifield 2024-02-20T17:05:42Z https://community.cisco.com/t5/network-access-control/switch-server-radius-config-post-sp-node-addition/m-p/5021988#M587503 <P>Thanks, ahollifield. An option, I have concidered.</P><P>To add context, the encrypted key as viewed on the NAD is different for each ISE node configured (primary and secondary respectively), i.e. switch1 has an encrypted key for ISE1 and an encrypted key for ISE2. When reviewing the ISE configuration via the GUI, a singular RADIUS key exists. Yet, both encrypted keys utilise two different hashes, those same hashed keys are configured identically across different switching infrastructure. Is this simply a case that the key (and password) has been hashed twice, and applied on multiple NADs?</P><P>&nbsp;</P> Wed, 21 Feb 2024 14:21:57 GMT https://community.cisco.com/t5/network-access-control/switch-server-radius-config-post-sp-node-addition/m-p/5021988#M587503 aavnet89 2024-02-21T14:21:57Z https://community.cisco.com/t5/network-access-control/switch-server-radius-config-post-sp-node-addition/m-p/5022520#M587549 <P>To add context, the encrypted key as viewed on the NAD is different for each ISE node configured (primary and secondary respectively), i.e. switch1 has an encrypted key for ISE1 and an encrypted key for ISE2. When reviewing the ISE configuration via the GUI, a singular RADIUS key exists. Yet, both encrypted keys utilise two different hashes, those same hashed keys are configured identically across different switching infrastructure. Is this simply a case that the key (and password) has been hashed twice, and applied on multiple NADs?</P><P>&nbsp;</P> Thu, 22 Feb 2024 08:08:17 GMT https://community.cisco.com/t5/network-access-control/switch-server-radius-config-post-sp-node-addition/m-p/5022520#M587549 aavnet89 2024-02-22T08:08:17Z