
CISCO ISE

Nick O
Level 1

I have an ISE server that is unable to communicate with my switch stack. I have tied in my ISE server on the switch already; below is my config.

aaa authentication login VTY group ise-servers local
aaa authentication enable default group ise-servers enable
aaa authorization exec VTY group ise-servers local
aaa authorization config-commands
aaa authorization console
aaa accounting exec default start-stop group ise-servers
aaa accounting commands 0 default start-stop group ise-servers
aaa accounting commands 1 default stop-only group ise-servers
aaa accounting commands 7 default stop-only group ise-servers
aaa accounting commands 15 default stop-only group ise-servers
aaa accounting system default start-stop group ise-servers

I have tested my user created on my ISE GUI using the test aaa group ise-servers username password, which came back successful, but when I try to log in through SSH it is blocked. Also, when I open another SSH session to log in with local credentials on the switch, it errors out saying Error in Authentication.

1 Accepted Solution

Accepted Solutions

@Nick O your method list is VTY; that should be referenced under the VTY line configuration.

line vty 0 4
login authentication VTY

Guide for reference - https://community.cisco.com/t5/security-knowledge-base/cisco-ise-device-administration-prescriptive-deployment-guide/ta-p/3738365
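
Added example, not part of the original thread or of any Cisco tooling: a small Python check for the mismatch discussed above, where a line's login authentication names something that is not a defined method list. It also checks authorization exec the same way, which goes beyond what the thread covers; the sample config is constructed from the lines posted here, and audit is a hypothetical helper name.

```python
import re

# Constructed sample: AAA and VTY lines as posted in this thread (password line omitted).
SAMPLE_CONFIG = """\
aaa authentication login VTY group ise-servers local
aaa authentication enable default group ise-servers enable
aaa authorization exec VTY group ise-servers local
line vty 0 4
 exec-timeout 30 0
 logging synchronous
 login authentication ise-servers
 transport input ssh
"""

# Global definitions: "aaa <kind> <list-name> <methods...>"
AAA_RE = re.compile(r"^aaa (authentication login|authorization exec) (\S+)(.*)$")
# Line-mode references: "login authentication <list>" / "authorization exec <list>"
REF_RE = re.compile(r"^(login authentication|authorization exec) (\S+)$")
KIND = {"login authentication": "authentication login",
        "authorization exec": "authorization exec"}

def audit(config):
    """Return findings where line-mode AAA references and method lists disagree."""
    lists = {kind: set() for kind in KIND.values()}
    groups, refs, current = set(), [], "(no line block)"
    for raw in config.splitlines():
        text = raw.strip()  # forum pastes often lose indentation, so ignore it
        if text.startswith("line "):
            current = text
        elif m := AAA_RE.match(text):
            lists[m.group(1)].add(m.group(2))
            groups.update(re.findall(r"\bgroup (\S+)", m.group(3)))
        elif m := REF_RE.match(text):
            refs.append((current, KIND[m.group(1)], m.group(2), text))
    findings = []
    for line, kind, name, text in refs:
        if name not in lists[kind] and name != "default":
            in_group = name in groups  # server-group name used where a list is expected
            why = "names a server group, not a method list" if in_group else "references an undefined method list"
            findings.append(f"{line}: '{text}' {why}")
    used = {(kind, name) for _, kind, name, _ in refs}
    for kind, names in lists.items():
        for name in sorted(names - {"default"}):
            if (kind, name) not in used:
                findings.append(f"aaa {kind} list '{name}' is not applied to any line")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On the sample it reports the VTY block pointing at the server group ise-servers and both VTY lists as unapplied; the findings clear once the line carries login authentication VTY and authorization exec VTY.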


3 Replies 3

@Nick O as you've defined the method list called VTY, have you configured the VTY lines to use this method list? If not, it will not use ISE for AAA.

Nick O
Level 1

line vty 0 4
exec-timeout 30 0
password 7 070C285F4D0659
logging synchronous
login authentication ise-servers
transport input ssh

This is the config I have right now.