Solved: Check connectivity from switch to endpoint devices and ISE server

Da ICS16 · ‎02-08-2024

Dear Community,

We use cisco switch model c9200l and on boarding in ISE dashboard.

We also config IP ISE server on switch level.

Could you provide the good practice how to check connectivity with below info.

- From switch to endpoints ( PCs) ( MAB profiling: IP phone, printer, cctv...)

- From switch to ISE server

Thanks,

MHM Cisco World · ‎02-09-2024

from the SW to ISE server
in SW there is command test aaa server which you can use to check if ISE is reachable or not

between SW and endpoint, if the endpoint is not authc then you need to depend on show interface to check if interface is UP/UP
MHM

View solution in original post

MHM Cisco World · ‎02-09-2024

from the SW to ISE server
in SW there is command test aaa server which you can use to check if ISE is reachable or not

between SW and endpoint, if the endpoint is not authc then you need to depend on show interface to check if interface is UP/UP
MHM

Aref Alsouqi · ‎02-09-2024

It is a best practice to configure a test user on the switches to check on ISE periodically, this user doesn't have to exist on ISE nor have a response back from ISE, it is purely for checking on ISE availability. You can do that in a similar way to this example:

radius server < RADIUS server name >
address ipv4 x.x.x.x auth-port 1812 acct-port 1813
automate-tester username < any name > ignore-acct-port
key xxxxxxx

Please note that the "ignore-acct-port" is used to disable testing for accounting server. Also, to suppress the logs that would be generated by these tests on ISE, you can do that by suppressing any log from the test user you define.