10-16-2019 06:02 PM
Hi,
Is the password for this CLI "automate-tester username dummy probe-on" needed?
radius server ise
automate-tester username dummy probe-on
key testise
Is "key testise" related to automate-tester username dummy probe-on?
Solved! Go to Solution.
10-16-2019 07:31 PM
10-16-2019 07:31 PM
10-17-2019 12:45 AM
Hi,
So this "dummy" is not a username configured in ISE. Basically "dummy" is going to fail.
But the key needs to be correct same like in ISE.
AM i correct?
10-22-2019 06:26 AM
Hi,
If I check the username dummy(by filter) in the ISE live logs, can I see the failed session for user "dummy"?
10-24-2019 07:38 AM
By default ISE will not disclose invalid usernames in the RADIUS logs. You can turn that annoying feature off in the RADIUS settings in ISE. As Damien said ISE can reject the authentication and the switch won't care as long as it is getting a response.
I usually setup a policy set for the switch keep alives as I don't like not handling the request properly. I set the authentication to internal user and set the user not found to Continue. Then I put in an authorization rule to allow the access with a deny all DACL. Once I see the successful hits in the RADIUS logs I turn on suppression for the User ID so the switch probes aren't filling up my logs.
05-26-2020 12:00 PM
Is it possible to share your authentication and authorization rules in your policy set? I would like to do this as the "Invalid" errors is filling up the Live logs.
Thanks
05-26-2020 12:29 PM
Skip the policy set and just go to Administration->System->Logging->Collection Filters and setup a new collection filter to Filter All for the username "dummy" or whatever you are using for your switch keep-alive probes.
05-26-2020 01:32 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: