Solved: Configure Radius on Cisco 9300 to Allow Hosts to Access the Internet

candidolevy · ‎05-10-2023

I upgraded cisco switch 2960x to 9300 and copied all configurations from 2960x to 9300 and I didn't have any syntax errors, however the hosts cannot be authenticated by ISE when they try to access the Internet. On the intranet everything is fine.

I ask for your support in resolving this problem.

I want the hosts to access the internet

Best regards

Rob Ingram · ‎05-10-2023

@candidolevy can you see any log entries on ISE Live Logs?

Please provide your switch configuration and the ouput of the following commands:-

show authentication session
show dot1x
show dot1x statistics
show aaa server

View solution in original post

Rob Ingram · ‎05-10-2023

@candidolevy can you see any log entries on ISE Live Logs?

Please provide your switch configuration and the ouput of the following commands:-

show authentication session
show dot1x
show dot1x statistics
show aaa server

MHM Cisco World · ‎05-10-2023

Does ISE use dynamic vlan?

candidolevy · ‎05-10-2023

Hello,

ISE is not using a dynamic vlan

candidolevy · ‎05-10-2023

MHM Cisco World · ‎05-10-2023

please share the interface config
and the show ACL you apply to interface

candidolevy · ‎05-10-2023

Hello,

MHM Cisco World · ‎05-10-2023

voice + data vlan

But you use multi-auth

You need to config multi-domian

candidolevy · ‎05-10-2023

Ok Sir.

Let me see the result

candidolevy · ‎05-10-2023

Hello @MHM Cisco World,

I still don't have internet access

MHM Cisco World · ‎05-10-2023

Shut no shut the interface' to re-authz the host

MHM Cisco World · ‎05-10-2023

waiting your reply
thanks

candidolevy · ‎05-10-2023

Hello Mr. @MHM Cisco World

I was at a meeting scheduled at the last minute.

Pardon me.

But even after restarting the interface, I still have no internet access

MHM Cisco World · ‎05-10-2023

show ip access-list interface X <<-

I need to see the acl after success Authz

candidolevy · ‎05-10-2023