Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1184
Views
0
Helpful
1
Replies

Configuring a specific method list for Dot1X and RADIUS

SMD28316
Level 1
Level 1

‎12-29-2021 02:40 AM

In AAA configuration, I can create a new method list to be used for RADIUS:

aaa authentication dot1x TEST_AUTH group ISE
aaa authorization network TEST_AUTHZ group ISE
aaa accounting dot1x TEST_ACC start-stop group ISE

 

instead of the default one:

aaa authentication dot1x default group ISE
aaa authorization network default group ISE
aaa accounting dot1x default start-stop group ISE

 

My question is how can I use the methods I created above for interface MAB authentication? I don't want to use the default method list.

 

For line configuration we have:

aaa authentication <method_name>

 

what about the other interfaces?

0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎12-29-2021 03:09 AM - edited ‎12-29-2021 03:10 AM

@SMD28316 just by defining your named method lists for AAA, these will override the "default" list (if defined).

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-3s/sec-usr-aaa-xe-3s-book/sec-cfg-authentifcn.html#GUID-3540BC5F-F150-4FAB-9364-7B2FF89123FC

 

You'd obviously need the MAB configuration defined under the interfaces, if configured they will use the method list configured.

 

You can refer to the ISE wired guide for more information on the aaa configuration.

https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

 

 

 

0 Helpful
Customers Also Viewed These Support Documents