cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2282
Views
70
Helpful
5
Replies

How do we check if Cisco ISE configured with RADIUS authentication ?

Hello Experts , 

 

How do we check if Cisco ISE configured with RADIUS authentication services or with TACACS ? 

 

 

1 Accepted Solution

Accepted Solutions

yes correct as per the config - that is global config,. you can also check interface config is the same ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

5 Replies 5

Cisco ISE itself a radius server. also can map to external radius server if required. check below link. 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/213239-configure-external-radius-servers-on-ise.html#anc7

you can check policies for radius rules or tacacs rules and identify which services are configured. also use live log for radius and tacacs to identify activities for relevant services

 

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

balaji.bandi
Hall of Fame
Hall of Fame

ISE is Identity and TACACS/Radius purpose, You can check the end devices configured with ISE IP address:

 

check policies :

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215525-use-radius-for-device-administration-wit.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I see the below config on switches..So it means we are using radius ?

 

aaa new-model
!
!
aaa group server radius ISE
server name ISE1
server name ISE2
ip radius source-interface Vlan201
!
aaa authentication login default group ISE local
aaa authentication dot1x default group ISE
aaa authorization exec default group ISE local
aaa authorization network default group ISE
aaa accounting update newinfo periodic 2880
aaa accounting identity default start-stop group ISE
aaa accounting exec default start-stop group ISE
!
!
!

@Network_Sarovani check the ISE Live Logs or Device Admin Logs to determine whether there are RADIUS and/or TACACS sessions.

 

On the switches you can run "show authentication session" to determine whether there are active sessions.

yes correct as per the config - that is global config,. you can also check interface config is the same ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: