cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

835
Views
70
Helpful
5
Replies
Network_Sarovani
Beginner

How do we check if Cisco ISE configured with RADIUS authentication ?

Hello Experts , 

 

How do we check if Cisco ISE configured with RADIUS authentication services or with TACACS ? 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

yes correct as per the config - that is global config,. you can also check interface config is the same ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

5 REPLIES 5
Kasun Bandara
VIP Advocate

Cisco ISE itself a radius server. also can map to external radius server if required. check below link. 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/213239-configure-external-radius-servers-on-ise.html#anc7

you can check policies for radius rules or tacacs rules and identify which services are configured. also use live log for radius and tacacs to identify activities for relevant services

 

Please rate this and mask as answer, if this resolved your issue
Good luck
KB
balaji.bandi
VIP Guru

ISE is Identity and TACACS/Radius purpose, You can check the end devices configured with ISE IP address:

 

check policies :

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215525-use-radius-for-device-administration-wit.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I see the below config on switches..So it means we are using radius ?

 

aaa new-model
!
!
aaa group server radius ISE
server name ISE1
server name ISE2
ip radius source-interface Vlan201
!
aaa authentication login default group ISE local
aaa authentication dot1x default group ISE
aaa authorization exec default group ISE local
aaa authorization network default group ISE
aaa accounting update newinfo periodic 2880
aaa accounting identity default start-stop group ISE
aaa accounting exec default start-stop group ISE
!
!
!

@Network_Sarovani check the ISE Live Logs or Device Admin Logs to determine whether there are RADIUS and/or TACACS sessions.

 

On the switches you can run "show authentication session" to determine whether there are active sessions.

yes correct as per the config - that is global config,. you can also check interface config is the same ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube