cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2191
Views
5
Helpful
4
Replies

C1000-16FP-2G-L Cisco ISE 3.0 configuration

FrankH31494
Level 1
Level 1

C1000-16FP-2G-L

c1000-universalk9-mz.152-7.E4.bin

I'm looking for a configuration guide on how to setup a c1000 catalyst switch for ISE 3.0 according to the compatibility matrix, it is a supported device, yet I can't get it configured. I have currently setup and configured 3850 and 9300s just fine. I currently have an open TAC case for support. In the meantime, I'm checking to see if the community has setup this model catalyst switch. 

Thanks

4 Replies 4

Hi @FrankH31494 ,

 yes, looking at Cisco ISE Release Notes 3.0, the Minimum OS Version for Catalyst 1000 is 15.2(7)E3.

 Please take a look at: Security Configuration Guide Catalyst 1000, search for Configuring RADIUS.

 Could you please provide more details about your issue ?

 

Hope this helps !!!

FrankH31494
Level 1
Level 1

yeah, that doesn't work. when I try to enter the following commands on the switchports, the command is not recognized. 

authentication control-direction in
!multi-domain = 1 phone and 1 data on port
authentication host-mode multi-domain
!multi-auth = multiple data on port
! authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server
authentication violation restrict
authentication event fail action next-method
mab
dot1x pae authenticator
dot1x timeout tx-period 7
device-tracking attach-policy device-tracking

Hi @FrankH31494 ,

 I am assuming that you successfully:

. use the aaa new-model global configuration command to enable AAA.

. use the aaa authentication global configuration command to define method lists for RADIUS Authentication

 is that correct?

 Please also try at interface level to use the '?' ... are you able to verify the authentications commands?

Note: at Cisco Feature Navigator , comparing CAT1000 with CAT9300 (the one that works to you), CAT1000 looks like to have more features.

 

Hope this helps !!!

I haven't worked with the C1000 switch yet, but the commands you are trying to configure are part of the legacy authentication mode. It's likely that the C1000 uses the 'new-style' configuration mode by default (or possibly does not even support legacy mode), so I would suggest trying to leverage the IBNS 2.0 configuration templates as shown in the Secure Wired Access Prescriptive Deployment Guide.

IBNS 2.0 provides many feature enhancements over the legacy IBNS and has been considered best-practice for several years now.