08-30-2023 07:40 AM - edited 09-03-2023 03:23 AM
I have configured a new Cisco access switch (C9300-48U, CAT9K_IOSXE, SW version 17.03.03) for Device Admin access ("ISE AAA TACACS+") and the ISE NAC solution for wired 802.1x. I did all the basic configuration and wired 802.1x configuration as on the other switches. But when I tried to log in to the switch, it only accepted the switch's local user and password and didn't ask for or accept Device Admin credentials.
Also, the Wired NAC solution is not functional.
Please find the Applied Basic Config and AAA config in the attachment.
Your kind support is highly appreciated.
08-30-2023 07:44 AM
08-30-2023 07:55 AM
Device access working in Cat 9300 example:
aaa new-model
!
!
tacacs server ISE01
 address ipv4 192.x.x.1
 key 7 xxxxxxxxxxxx
tacacs server ISE02
 address ipv4 192.x.x.2
 key 7 xxxxxxxxxxxx
!
aaa group server tacacs+ MY_ISE
 server name ISE01
 server name ISE02
!
aaa authentication login default group MY_ISE local
aaa authorization config-commands
aaa authorization exec default group MY_ISE local
aaa authorization commands 0 default group MY_ISE local
aaa authorization commands 1 default group MY_ISE local
aaa authorization commands 15 default group MY_ISE local
!
One step at a time - test device admin working ok - then 802.1x
Look at ISE 802.1x wired deployment guide :
08-31-2023 09:35 PM
@Ferdaush I agree with the other responses.
Also take a look at Cisco ISE Device Administration Prescriptive Deployment Guide / Cisco IOS – Switches/Routers
09-03-2023 04:05 AM
Thanks everyone for your valuable suggestions. I have solved the issue by adding a Default Gateway in the Access switch.
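Added example, not part of the thread or of any poster's configuration: a small offline check for the condition that resolved this case. With a method list ending in "local", a switch that cannot route to its ISE nodes falls back to local credentials without any obvious error, so the script flags TACACS+/RADIUS server addresses that are neither on a connected subnet nor covered by a default gateway or default route. The sample config, its addresses and the function name are constructed for illustration, and the check deliberately ignores VRFs and more specific static routes.

```python
import ipaddress
import re

# Constructed sample running-config (placeholder addresses, not from the thread).
SAMPLE_CONFIG = """\
aaa new-model
tacacs server ISE01
 address ipv4 192.0.2.10
tacacs server ISE02
 address ipv4 192.0.2.11
aaa group server tacacs+ MY_ISE
 server name ISE01
 server name ISE02
aaa authentication login default group MY_ISE local
interface Vlan10
 ip address 10.10.10.5 255.255.255.0
"""

DEFAULT_PATH = re.compile(
    r"^(?:ip default-gateway|ip route 0\.0\.0\.0 0\.0\.0\.0) \S+", re.M)


def unreachable_aaa_servers(config: str) -> list[str]:
    """Return AAA server IPs with no connected subnet and no default path."""
    # "address ipv4 <ip>" appears under both "tacacs server" and "radius server".
    servers = [ipaddress.ip_address(a) for a in
               re.findall(r"^[ \t]+address ipv4 (\S+)", config, re.M)]
    # Subnets the switch is directly attached to (SVI / routed-port addresses).
    connected = [ipaddress.ip_interface(f"{ip}/{mask}").network for ip, mask in
                 re.findall(r"^[ \t]+ip address (\S+) (\S+)", config, re.M)]
    # Simplification: either form of default path is treated as sufficient.
    if DEFAULT_PATH.search(config):
        return []
    return [str(s) for s in servers
            if not any(s in net for net in connected)]


if __name__ == "__main__":
    for ip in unreachable_aaa_servers(SAMPLE_CONFIG):
        print(f"no route to AAA server {ip}: logins will fall back to local")
```

A clean result only means a path is configured; confirm actual reachability from the switch itself before moving on to 802.1x.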