
ISE RADIUS and Nexus 9k

emrglr
Level 1

I have a Nexus 9k connected to an ISE server for login authentication. The login goes through and I am successfully logged into the 9k; however, when I try to log in with the same username and a wrong password, the login succeeds anyway. So I think ISE is not checking the password. What am I missing?

--------------------------------------------

radius-server key 7 "fewhg"
radius-server host 172.16.5.238 authentication accounting
aaa group server radius ISE
server 172.16.5.238
source-interface Vlan5

aaa authentication login default group ISE ISE

--------------------------------------------

1 Accepted Solution


Nancy Saini
Cisco Employee

I suspect a misconfiguration in the authentication policy on ISE. Could you check whether the option selected in "If Auth fails" is "Continue"? It should be "Reject".


6 Replies

That is so weird.
Please share the below:
show radius-server hostname statistics

There is no such command. Is this the command you want?

SW-C9300-01# show radius-server sorted
Global Radius shared secret:********
timeout value:5
retransmission count:1
deadtime value:0
secure radius mode:none
source interface:any available
total number of servers:1

following RADIUS servers are configured:
172.16.5.238:
available for authentication on port: 1812
available for accounting on port: 1813
timeout:5
retries:1
tls idle timeout:600

show radius-server statistics <server name>

SW-C9300-01# show radius-server statistics 172.16.5.238
Server is not monitored

Authentication Statistics
failed transactions: 16
sucessfull transactions: 31
requests sent: 59
requests timed out: 24
responses with no matching requests: 0
responses not processed: 4
responses containing errors: 0

Accounting Statistics
failed transactions: 0
sucessfull transactions: 0
requests sent: 0
requests timed out: 0
responses with no matching requests: 0
responses not processed: 0
responses containing errors: 0


Thank you very much Nancy. It worked.
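
A negative test for the fix discussed in this thread, as an added example that is not part of the original posts: it sends one PAP Access-Request with a deliberately wrong password and reports whether the RADIUS server answers Access-Reject. The function names are hypothetical, and it assumes PAP and a server that does not require the Message-Authenticator attribute.

```python
import hashlib, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding used by PAP."""
    size = max(16, -(-len(password) // 16) * 16)      # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()    # b_i = MD5(secret + c_(i-1))
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_request(user, password, secret, ident, authenticator) -> bytes:
    """Access-Request carrying User-Name (1) and User-Password (2)."""
    def attr(kind, value):
        return struct.pack("!BB", kind, len(value) + 2) + value
    attrs = attr(1, user.encode()) + attr(
        2, hide_password(password.encode(), secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def response_code(reply: bytes, request: bytes, secret: bytes) -> int:
    """Return the reply code after checking the ID and Response Authenticator."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = hashlib.md5(
        reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    if ident != request[1] or reply[4:20] != expected:
        raise ValueError("reply does not match the request or shared secret")
    return code

def wrong_password_is_rejected(server, user, secret, port=1812, timeout=5.0):
    """True only if a random (wrong) password is answered with Access-Reject."""
    req = build_request(user, os.urandom(12).hex(), secret,
                        os.urandom(1)[0], os.urandom(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(req, (server, port))
        reply, _ = sock.recvfrom(4096)
    return response_code(reply, req, secret) == ACCESS_REJECT
```

Run it from a host that is defined as a network device on the RADIUS server with the same shared secret. A return value of `False` means the wrong password was not rejected.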