How can I use the NAS function of a normal L2 switch to connect to Cisco ISE?

kelvin-chu
Level 1

Dear Sir,

Recently, I used a normal L2 switch to connect to a Cisco ISE.

No matter how I change the configuration, my L2 switch just can't get authorization from ISE.

However, I tried some other Windows-based RADIUS servers, and they all work; therefore, I think the configuration of my L2 switch should be fine.

My L2 switch is able to realize the MD5-Challenge, PEAP, and TLS authorization methods.

Please give me a sign, thanks.

Best regards,

Kelvin

4 Replies

Marvin Rhoads
Hall of Fame

What does the RADIUS Live log detail show on the ISE side?

Dear Sir,

I finally requested the system log from the ISE side.

Please check the attached picture.

Do you have any idea?

Besides, I am wondering whether you know what "AVP: l=85  t=State(24)" is?

Do you know what the purpose of attribute 85 is?

I checked the Wireshark log from my L2 switch and ISE, and it seems my switch didn't send back this AVP.

Could this be the root cause?

Thanks, have a good day.

Best regards,

Kelvin 

The screenshot shows ISE proposing EAP TLS and sending a challenge to which the switch does not respond.

RADIUS attribute 85 is:

Acct-Interim-Interval

Indicates the number of seconds between each interim update in seconds for this specific session. This value can only appear in the Access-Accept message.

Source: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrdat1.html

Thanks, I will retry it, and thanks.
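
In Wireshark's `AVP: l=85  t=State(24)` notation, `l` is the AVP length and `t` is the attribute type, so the line describes a State attribute (type 24), which RFC 2865 requires a client to return unmodified in the Access-Request that answers an Access-Challenge. The Python sketch below is an added example, not part of the thread: it checks a challenge/request pair for that echo, and its packets, helper names and zeroed authenticators are constructed for illustration.

```python
import struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11   # RADIUS packet codes (RFC 2865)
STATE, EAP_MESSAGE = 24, 79                # attribute types (RFC 2865, RFC 3579)

def build_packet(code, ident, avps):
    """Build a constructed sample packet from (type, value) pairs; authenticator zeroed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in avps)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def parse_packet(data):
    """Return (code, identifier, [(type, value), ...]); ValueError if malformed."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length, _auth = struct.unpack("!BBH16s", data[:20])
    if not 20 <= length <= len(data):
        raise ValueError("bad packet length field")
    avps, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated AVP header")
        a_type, a_len = data[pos], data[pos + 1]   # a_len counts the 2 header bytes
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad AVP length")
        avps.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, avps

def state_echoed(challenge, request):
    """True if the request carries the challenge's State value(s) unmodified."""
    c_code, _, c_avps = parse_packet(challenge)
    r_code, _, r_avps = parse_packet(request)
    if (c_code, r_code) != (ACCESS_CHALLENGE, ACCESS_REQUEST):
        raise ValueError("expected an Access-Challenge and the Access-Request answering it")
    wanted = [v for t, v in c_avps if t == STATE]
    return wanted == [v for t, v in r_avps if t == STATE]

# Constructed sample data: a State AVP of total length 85 (2 header + 83 value bytes)
# and minimal EAP-TLS start/response payloads; Message-Authenticator is omitted.
state_value = bytes(range(83))
challenge = build_packet(ACCESS_CHALLENGE, 7,
                         [(EAP_MESSAGE, b"\x01\x02\x00\x06\x0d\x20"), (STATE, state_value)])
with_state = build_packet(ACCESS_REQUEST, 8,
                          [(EAP_MESSAGE, b"\x02\x02\x00\x06\x0d\x00"), (STATE, state_value)])
without_state = build_packet(ACCESS_REQUEST, 8, [(EAP_MESSAGE, b"\x02\x02\x00\x06\x0d\x00")])

if __name__ == "__main__":
    print("State echoed:", state_echoed(challenge, with_state))
    print("State echoed:", state_echoed(challenge, without_state))
```

To run it against real traffic, pass the UDP payloads of the Access-Challenge and of the Access-Request that follows it, exported from the capture.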