
HTTPS Credentials using ISE

ahmedaburaihan
Level 1

Hello Community,
I have a small setup where I have a client, 9300 Switch and Cisco ISE. I have configured HTTPS Server on Switch. 

I have also set up ISE, created a user (httpsuser) and a User Identity Group (httpsgroup). I created a Device Admin Policy Set where in Authentication I used default (all_user_ID_Stores) and in Authorization Policy I have created a Rule which compares User Identity and if it matches, then in command sets All Commands and in Shell Profile I have set Privilege Level 15. 

Now the Client is not able to do HTTPS://192.168.1.2 with the given username and password. Also Switch shell is not accessible with the same username and password. 


Thank you for a suggestion. 

A. 

6 REPLIES

@ahmedaburaihan 

This can be a switch configuration problem. I believe the following doc contemplates both ISE and switch

https://www.wiresandwi.fi/blog/cisco-ise-configuring-radius-authentication-for-device-administration

 

@Flavio Miranda Dear Flavio, I have configured TACACS because it is used for Management Plane purposes. 

 

Here is one example for TACACS and the admin web interface

 

aaa new-model
!
!
aaa group server tacacs+ pom-ise
 server name pom-ise01
 server name pom-ise02
!
aaa authentication login default group pom-ise local
aaa authentication login console local
aaa authentication webauth default group pom-ise local
aaa authorization config-commands
aaa authorization exec default group pom-ise if-authenticated 
aaa authorization commands 15 default group pom-ise if-authenticated 
!
no ip http server
ip http authentication aaa login-authentication default
ip http authentication aaa exec-authorization default
ip http secure-server
!
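
An offline check for the configuration in the post above, as an added example that is not part of the thread or of Cisco's tooling: it verifies that each AAA method list the HTTP server references is defined, and that the TACACS+ group and the servers it names exist. `audit_http_aaa`, `LIST_KINDS` and the sample text are assumptions made here, and only TACACS+ groups are handled; run on the lines as posted, it reports the `tacacs server` definitions that the excerpt does not show.

```python
import re

# Constructed sample: the AAA/HTTP lines from the post above, nothing else.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server tacacs+ pom-ise
 server name pom-ise01
 server name pom-ise02
aaa authentication login default group pom-ise local
aaa authorization exec default group pom-ise if-authenticated
no ip http server
ip http authentication aaa login-authentication default
ip http authentication aaa exec-authorization default
ip http secure-server
"""

# HTTP server keyword -> AAA command that defines the method list it names
LIST_KINDS = {"login-authentication": "aaa authentication login",
              "exec-authorization": "aaa authorization exec"}

def audit_http_aaa(config):
    """Return findings about the AAA references behind HTTPS management login."""
    cfg = "\n".join(line.rstrip() for line in config.splitlines()) + "\n"
    has = lambda line: re.search(rf"^{re.escape(line)}$", cfg, re.M) is not None
    findings = []
    if not has("aaa new-model"):
        findings.append("aaa new-model is missing")
    if not has("ip http secure-server"):
        findings.append("HTTPS server is not enabled")
    if not has("no ip http server"):
        findings.append("plain HTTP server is not explicitly disabled")
    groups = set()
    for kind, prefix in LIST_KINDS.items():
        ref = re.search(rf"^ip http authentication aaa {kind} (\S+)$", cfg, re.M)
        if not ref:
            findings.append(f"ip http authentication aaa {kind} is not set")
            continue
        name = re.escape(ref.group(1))
        definition = re.search(rf"^{prefix} {name} (.+)$", cfg, re.M)
        if not definition:
            findings.append(f"{prefix} {ref.group(1)} is not defined")
            continue
        groups.update(re.findall(r"group (\S+)", definition.group(1)))
    for group in sorted(groups - {"tacacs+", "radius"}):  # skip built-in groups
        block = re.search(rf"^aaa group server tacacs\+ {re.escape(group)}\n((?: .*\n)*)", cfg, re.M)
        if not block:
            findings.append(f"server group '{group}' is not defined")
            continue
        for server in re.findall(r"^ server name (\S+)$", block.group(1), re.M):
            if not has(f"tacacs server {server}"):
                findings.append(f"tacacs server '{server}' is not defined")
    return findings
```
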

 

@Flavio Miranda this config makes sense, do we need the exec-authorization command also? Because I have already configured All Commands with Priv Lev 15 in ISE. Thank you. 

M02@rt37
VIP

Hello @ahmedaburaihan 

Did you check that HTTPS is properly configured on the switch? Verify that the switch is configured to use HTTPS and that you have generated the necessary certificates.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

M02@rt37 Yes, there is no problem with configs. The Switch does not have any TrustPoints, it creates Self-Signed Cert.