Check cisco switch radius server config with ISE radius server

getaway51
Level 2

Hi,

What command is used on the switch to check the communication with the RADIUS server, and whether the key and IP are correct? Also, how do I check in ISE?

radius server Radius-1
 address ipv4 172.30.5.6 auth-port 1812 acct-port 1813
 automate-tester username dummy probe-on
 key 7 051F031C35

aaa server radius dynamic-author
 client 172.30.5.6 server-key 7 131112011F

2 Accepted Solutions


Afolarin Omole
Level 1

Hello,

Please can you be more clear on this? But really, to check switch communication with Cisco ISE as the RADIUS server, start from the basic Layer 1 test, which is ping, and once there is routing information in place, the rest of the RADIUS communication is based on the port configuration, which is the flow between the supplicant, authenticator and RADIUS server.

So let's say all the above is in place and you decide to check if both devices are communicating. You can simply create a test user locally on Cisco ISE and test this user from the configured switch acting as the RADIUS client using:

the test aaa command, and with the question mark (?) you can be more granular.

If the above fails then there is a communication issue. In most cases I have seen it is the shared secret key, but this can also be easily found out via the Cisco ISE live logs, or by using the debug command on the switch itself and the show log command.

Please make sure the switch is properly configured on ISE in the Network Devices tab with the proper IP address and RADIUS shared secret. Let me know if this helps.
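The answer above names a mismatched shared secret as the usual cause of failure. The following is an added example, not part of the original thread and not Cisco or ISE code: it applies the RFC 2865 rules for User-Password hiding and the Response Authenticator to show why a key mismatch breaks both directions. The keys, password, packet values and the simplified server decision in `simulate` are constructed assumptions.

```python
import hashlib
import hmac
import struct

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Client side: RFC 2865 section 5.2 User-Password hiding."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], _md5(secret + prev))
        hidden += prev
    return hidden

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: undo the hiding with the server's copy of the secret."""
    clear, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        clear += _xor(hidden[i:i + 16], _md5(secret + prev))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")

def build_reply(code: int, ident: int, req_auth: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + _md5(header + req_auth + attrs + secret) + attrs

def reply_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the Response Authenticator with the client's secret."""
    header, resp_auth, attrs = reply[:4], reply[4:20], reply[20:]
    return hmac.compare_digest(resp_auth, _md5(header + req_auth + attrs + secret))

def simulate(switch_key: bytes, ise_key: bytes) -> tuple:
    req_auth = bytes(range(16))          # constructed; a real client uses random bytes
    password = b"constructed-password"   # constructed test-user password
    hidden = hide_password(password, switch_key, req_auth)
    recovered = reveal_password(hidden, ise_key, req_auth) == password
    # Simplified server: 2 = Access-Accept, 3 = Access-Reject
    reply = build_reply(2 if recovered else 3, 1, req_auth, ise_key)
    return recovered, reply_is_authentic(reply, req_auth, switch_key)

if __name__ == "__main__":
    for ise_key in (b"key-A", b"key-B"):
        print(ise_key, simulate(b"key-A", ise_key))
```

With matching keys the server recovers the password and the client accepts the reply; with different keys the server sees a garbled password and the client cannot validate the reply, even though the test user's password was typed correctly.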

Kevin S Hatch
Level 1

test aaa group radius #usertest# #apassword# new-code

You could use this with your username for #usertest# and your NT password for #apassword#.

It will show up on the live logs page.

4 Replies

jj27
Spotlight

To verify the configured password (yours is test) in ISE, go to Administration->Network Resources->Network Devices, locate the network device in the list, then click on it to edit it. Scroll down to the RADIUS Authentication Settings section and click the Show button next to Shared Secret.

On the same page, you can also verify the IP address that is configured for the network device. It is generally good practice to set ip radius source-interface <interface name> on your network device to control which interface is used and ensure that the IP that is configured in ISE matches the IP of the interface you configured on the device.

Hi,

I can't see the live log showing anything about the RADIUS server auth.

On the switch, I can see "no authoritative response".

Can I do a "test aaa ....."? But what is the username? When setting up network devices in Cisco ISE, there isn't any username, only a secret key.

If so, what would be the username for this "test aaa"?
