cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

584
Views
10
Helpful
2
Replies
Highlighted
Beginner

Cisco ISE and 2960 Access Switch Integrating

Hi all,
I've configure my 2960 access switch to integrate with ISE to use Radius 802.1x authentication for Endpoints.


vlan 10
name Mgmt_nwk
vlan 20
name Staff_Nwk01
vlan 30
name Staff_Nwk02
vlan 40
name Staff_Network03
int vlan 10
ip add 192.168.100.10 255.255.255.0
ip default-gateway 192.168.100.1

ip radius source-interface Vlan10

 

I've configured 3 VLANs and configure interface vlan for VLAN 10.
And for the radius, I configure vlan 10 as source interface.

Although I only use vlan 10 as source-interface for Radius, if I enabled 802.1x authentication on switch port that is configured for "access vlan 20 or access vlan 30" ,then enpoint that connect to those ports should also be participate with ISE Radius authentication process. I'm right ?

Thank you so much all!!

2 REPLIES 2
Highlighted
VIP Advisor

Yes, specificying vlan 10 as the radius source interface just means that the radius traffic will be sourced from 192.168.100.10 to ise. The switch will forward client authentication requests to ise sourced from that address.

Then within ise you typically create a network device object with that matching address.
Highlighted
VIP Mentor

yes, that is correct if your VLAN 10 is the Management VLAN where the switch can reach ISE.

 

 

BB
*** Rate All Helpful Responses ***
Content for Community-Ad