02-09-2016 02:59 PM
Hi there,
A customer is asking whether the below findings will impact ISE operation.
Their findings are that ISE appears to issue a show run to validate switch requirements, rather than a show run all. The show run doesn't return radius-server vsa send accounting or radius-server vsa send authentication, while the show run all does.
Many thanks,
Brian
As you can see below, the missing config is on the switch if I run the show run all command instead of the show run command. ISE uses the "show run" command to check for the mandatory commands.
show run all | inc radius
aaa group server radius ISE-Group
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group ISE-Group group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
mab radius
ip radius source-interface Vlan99
radius-server attribute 77 include-in-acct-req
radius-server attribute 77 include-in-access-req
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 11 default direction out
radius-server attribute nas-port format a
radius-server dead-criteria time 30 tries 3
radius-server cache expiry 24 enforce hours
radius-server host 157.190.23.14 auth-port 1812 acct-port 1813 key 7 011205075E18155E711D0F48
radius-server host 157.190.23.19 auth-port 1812 acct-port 1813 key 7 130414110E1F177B7B756972
radius-server transaction max-tries 8
radius-server retransmit 3
radius-server timeout 5
radius-server ipc-limit in 10
radius-server ipc-limit done 10
radius-server vsa send accounting
radius-server vsa send authentication
show run | inc radius
aaa group server radius ISE-Group
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group ISE-Group group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
ip radius source-interface Vlan99
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
radius-server host 157.190.23.14 auth-port 1812 acct-port 1813 key 7 011205075E18155E711D0F48
radius-server host 157.190.23.19 auth-port 1812 acct-port 1813 key 7 130414110E1F177B7B756972
show run all | inc ip device tracking
ip device tracking probe count 3
ip device tracking probe interval 30
ip device tracking probe delay 0
ip device tracking trace-buffer
show run | inc ip device tracking
CS-2-C160#
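The mismatch described in this post is easy to reproduce offline. The following script is an added example, not code from the thread or from Cisco's ISE validator: it parses both kinds of output, reports which of the expected RADIUS commands are truly absent from the effective configuration, and separately reports which ones are only invisible because plain "show run" hides default-valued lines. The REQUIRED_RADIUS_LINES list is an assumption for the example, drawn from the lines in the post, and the sample outputs are constructed from the post with the type-7 shared secrets replaced by a placeholder.

```python
"""Added example (not from the thread or from Cisco's tool).

Compares 'show run' against 'show run all' for the RADIUS commands an
ISE validator expects, so a false negative from 'show run' can be told
apart from a command that is genuinely missing on the switch.
"""

# Assumption for this example: the commands the validator insists on,
# taken from the lines the original post shows.
REQUIRED_RADIUS_LINES = (
    "radius-server attribute 6 on-for-login-auth",
    "radius-server attribute 8 include-in-access-req",
    "radius-server attribute 25 access-request include",
    "radius-server dead-criteria time 30 tries 3",
    "radius-server vsa send accounting",
    "radius-server vsa send authentication",
)

# Constructed sample, modelled on the post's 'show run all | inc radius'.
SHOW_RUN_ALL = """\
show run all | inc radius
aaa group server radius ISE-Group
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
ip radius source-interface Vlan99
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
radius-server host 157.190.23.14 auth-port 1812 acct-port 1813 key 7 <KEY-PLACEHOLDER>
radius-server retransmit 3
radius-server timeout 5
radius-server vsa send accounting
radius-server vsa send authentication
CS-2-C160#
"""

# Constructed sample, modelled on the post's 'show run | inc radius':
# the default-valued lines (retransmit, timeout, vsa send) are absent.
SHOW_RUN = """\
show run | inc radius
aaa group server radius ISE-Group
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
ip radius source-interface Vlan99
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
radius-server host 157.190.23.14 auth-port 1812 acct-port 1813 key 7 <KEY-PLACEHOLDER>
CS-2-C160#
"""


def parse_config_lines(output):
    """Return the set of configuration lines in a pasted CLI capture,
    dropping the echoed 'show ...' command, the prompt and blank lines."""
    lines = set()
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("show ") or line.endswith("#"):
            continue
        lines.add(line)
    return lines


def missing_required(output, required=REQUIRED_RADIUS_LINES):
    """Required commands that do not appear in the given capture."""
    present = parse_config_lines(output)
    return [cmd for cmd in required if cmd not in present]


def validate(show_run_output, show_run_all_output):
    """Classify each absence: 'missing' means the command is not in the
    effective config at all; 'default_only' means it is active on the
    switch but hidden from plain 'show run' because it is a default."""
    missing_in_run = set(missing_required(show_run_output))
    missing_in_all = set(missing_required(show_run_all_output))
    return {
        "missing": sorted(missing_in_all),
        "default_only": sorted(missing_in_run - missing_in_all),
    }


if __name__ == "__main__":
    report = validate(SHOW_RUN, SHOW_RUN_ALL)
    print("Genuinely missing:", report["missing"] or "none")
    print("Hidden by 'show run' only:", report["default_only"])
```

Running the script against the two constructed captures reports nothing genuinely missing and lists the two "radius-server vsa send" commands as present-but-hidden, which is exactly the false negative a validator that only issues "show run" produces. Feeding it a capture from which a command has really been removed moves that command into the "missing" list, so the same check distinguishes a display artefact from a real configuration gap.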
02-09-2016 03:11 PM
Are you referring to the "Evaluate Configuration Validator" tool?
It's not actually been updated for the newer IOS/IOS-XE versions.
That tool's ability to validate the configuration will actually have no bearing whatsoever on the device's ability to work correctly with ISE as an authentication server / BYOD tool, etc.
It is just an old tool built into ACS/ISE to try and validate configurations and help guide customers through finding mis-configured switches.
-Aaron
02-10-2016 09:30 PM
The switch config validator is not intelligent but is just there to baseline you. You need to read through the lines. Like Aaron said, it does not appear to be updated for the new IOS-XE or C3PL, etc.
I have a 1.4 install at the moment with a few hundred 3850s/3750s/4500s.
On IOS-XE the vsa commands do not show in the running config, and the device sensor commands do not either.
On the IOS generation they do show up.
The tool trips up if you defined a radius server group named ise, for example, and use that for your AAA commands instead of radius default.
Also noticed that if the switch requires SSH keys of 2048 bits or higher, ISE will not be able to log into that switch.