Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6109
Views
0
Helpful
2
Replies

Auth and Accounting Port Defaults?

Go to solution
Matthew Martin
Level 5
Level 5

‎07-13-2017 11:27 AM - edited ‎03-11-2019 12:51 AM

Hello All,

I'm configuring some more of our switches/locations to start authenticating clients through our Cisco ISE server.

In the Cisco ISE v2.0 Admin Guide (*Chapter 33) under the section for configuring Switches and WLCs, it has the command below:

! Use RFC-standard ports (1812/1813)
radius-server host <Cisco_ISE_IP_address> auth-port 1812 acct-port 1813 test username test-radius key 0 <RADIUS-KEY>


However, on the current 2960 switch I'm configuring (*and I believe on every other switch I've configured already), it shows the default auth-port and acct-port as 1645 and 1646 respectively. See below:

JWP2960SALDCsw1(config)#radius-server host 10.1.2.3 ?
  acct-port	UDP port for RADIUS accounting server (default is 1646)
  alias		1-8 aliases for this server (max. 8)
  auth-port	UDP port for RADIUS authentication server (default is 1645)
  backoff	Retry backoff pattern (Default is retransmits with constant delay)
  key		per-server encryption key (overrides default)
  non-standard	Parse attributes that violate the RADIUS standard
  retransmit	Specify the number of retries to active server (overrides default)
  test		Configure server automated testing.
  timeout	Time to wait for this RADIUS server to reply (overrides default)


So what is the REAL answer here? And is there a way to check what ports the ISE server is listening on, for auth and acct..?

Thanks in Advance,
Matt

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
agrissimanis
Level 1
Level 1

‎07-13-2017 01:20 PM

Hi Matt,

ISE is listening on both pairs of ports. It is just that 1645 and 1646 were used initially and this has been left as the default. It is recommended to use 1812 and 1813, which are now officially assigned to RADIUS, and listed in the RFCs.

Regards,

Agris

Please Mark as correct, if this answers the question

View solution in original post

0 Helpful
2 Replies 2

Go to solution
agrissimanis
Level 1
Level 1

‎07-13-2017 01:20 PM

Hi Matt,

ISE is listening on both pairs of ports. It is just that 1645 and 1646 were used initially and this has been left as the default. It is recommended to use 1812 and 1813, which are now officially assigned to RADIUS, and listed in the RFCs.

Regards,

Agris

Please Mark as correct, if this answers the question

0 Helpful

Go to solution
Matthew Martin
Level 5
Level 5
In response to agrissimanis

‎07-13-2017 01:40 PM

Agris, thanks for the reply!

Ok cool, thanks. I'll continue using 1812 and 1813 for the RADIUS ports...


Thanks Again,
Matt

0 Helpful
Customers Also Viewed These Support Documents