I'm running ISE 2.4 and I'm trying to get NAC via dot1x/radius working. I have an NX-OS 9K switch in my network devices with the correct radius key. I also have a default policy set to accept dot1x wired users and allow them to do anything. On the switch I have aaa set up to use ISE as a radius server and I've confirmed reachability. I've also enabled dot1x on a test port that I have a laptop connected to. When I connect I get 'authorization pending' and see nothing else in show dot1x all or show radius. I see nothing in ISE's radius logs, so I assume I'm not even talking to it. What else can I check? I followed the directions below:
radius-server host 188.8.131.52 key 7 "x" authentication accounting timeout 5 retransmit 3
radius-server host 184.108.40.206 key 7 "x" authentication accounting timeout 5 retransmit 3
aaa group server radius MuhISE
ip access-list ALLOW-ALL
10 permit ip any any
aaa authentication dot1x default group MuhISE
aaa accounting dot1x default group MuhISE
aaa authentication login error-enable
ip access-group ALLOW-ALL in
dot1x pae authenticator
dot1x port-control auto
dot1x timeout tx-period 10
switchport access vlan 666
spanning-tree port type edge
spanning-tree bpduguard enable
network devices - nexus switch above added using mgmt0 interface in vrf
policy (radius = 802.1x)
authentication (wired mab and default both look in all stores)
authorization (wired mab and default both allow all)