07-23-2017 07:39 PM - edited 03-11-2019 12:52 AM
Dear Sir,
Recently, I used a normal L2 switch to connect to a Cisco ISE.
No matter how I change the configuration, my L2 switch just can't get authorization from ISE.
However, I tried some other Windows-based RADIUS server, and it all works; therefore, I think the configuration of my L2 switch should be fine.
My L2 switch is able to implement the MD5-Challenge, PEAP, and TLS authorization methods.
Please give me a sign, thanks.
Best regards,
Kelvin
07-23-2017 08:08 PM
What does the RADIUS Live log detail show on the ISE side?
07-25-2017 07:54 PM
Dear Sir,
I finally requested the system log from the ISE side.
Please check the attached picture.
Do you have any idea?
Besides, I am wondering, do you know what "AVP: l=85 t=State(24)" is?
Do you know what the purpose of attribute 85 is?
I checked the Wireshark log from my L2 switch ISE, and it seems my switch didn't send back this AVP.
Could this be the root cause?
Thanks, have a good day.
Best regards,
Kelvin
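The check raised in the post above, as an added example that is not part of the original thread: in Wireshark's `AVP: l=85 t=State(24)` notation, `l` is the attribute length and `t` the attribute type, and RFC 2865 requires a State attribute received in an Access-Challenge to be returned unmodified in the following Access-Request. The packets below are constructed sample data, and `parse_avps`, `state_echoed` and `build` are hypothetical helper names.

```python
import struct

STATE, EAP_MESSAGE = 24, 79  # RADIUS attribute types (RFC 2865, RFC 3579)

def parse_avps(packet: bytes):
    """Return (code, identifier, [(type, length, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    avps, pos = [], 20  # skip code, id, length and the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated AVP header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:  # length counts the 2 header bytes
            raise ValueError(f"bad AVP length at offset {pos}")
        avps.append((a_type, a_len, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, avps

def state_echoed(challenge: bytes, request: bytes) -> bool:
    """True if the State sent in the Access-Challenge comes back unmodified."""
    sent = [v for t, _, v in parse_avps(challenge)[2] if t == STATE]
    back = [v for t, _, v in parse_avps(request)[2] if t == STATE]
    return bool(sent) and sent == back

def build(code, ident, avps):
    """Build a constructed test packet (zeroed authenticator, no Message-Authenticator)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in avps)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed sample data: 83 value bytes + 2 header bytes gives "l=85 t=State(24)".
state_value = b"S" * 83
eap_req = bytes([1, 2, 0, 6, 13, 0x20])  # EAP-Request, type 13 (EAP-TLS), Start flag
eap_resp = bytes([2, 2, 0, 6, 13, 0x00])  # EAP-Response, type 13
challenge = build(11, 1, [(EAP_MESSAGE, eap_req), (STATE, state_value)])   # Access-Challenge
good_request = build(1, 2, [(EAP_MESSAGE, eap_resp), (STATE, state_value)])  # State echoed
bad_request = build(1, 2, [(EAP_MESSAGE, eap_resp)])                         # State missing

if __name__ == "__main__":
    for a_type, a_len, _ in parse_avps(challenge)[2]:
        print(f"AVP: l={a_len} t={a_type}")
    print("good request echoes State:", state_echoed(challenge, good_request))
    print("bad request echoes State: ", state_echoed(challenge, bad_request))
```
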
07-25-2017 11:09 PM
The screenshot shows ISE proposing EAP TLS and sending a challenge to which the switch does not respond.
RADIUS attribute 85 is:
Acct-Interim-Interval: Indicates the number of seconds between each interim update in seconds for this specific session. This value can only appear in the Access-Accept message.
Source: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrdat1.html
07-26-2017 12:51 AM
Thanks, I will re-try it, and thanks