ISE switch configs

James332255 · ‎06-03-2024

Good afternoon

I'm working on setting up an ISE server at work, the server is installed and accessible and I have some questions about the AAA configurations required on the Cisco switch.

I've gone through videos and documentation and, if I'm understanding correctly, it seems like you create a Radius object (container) in the switch, assign that to a Radius group, and point your switch AAA to that group, is this correct?

I'm also a little confused on the IP address assignment. When I create the container, I am supposed to assign it an IP address, is that an available IP address on my network or is it one that is directly related to ISE (for instance, the IP of the ISE server itself)?

When I go through the dynamic author commands I have to enter a server key, where is that key coming from?

I think I understand how the switch works together with ISE from a thousand-foot view and I'm just trying to work out some of the details. I would appreciate any response

Also, sorry if I'm putting this on the wrong board. This is the first time I have ever posted anything here

Rob Ingram · ‎06-03-2024

@James332255 the IP address defined within the RADIUS "container" is the IP address of the ISE PSN and the RADIUS shared secret defined under this "container" is the same shared secret defined in ISE under the Network Device that relates to this switch.

The dynamic author key is the same key defined under the Network Device in ISE.

Refer to the ISE Wired prescriptive guide for Wired 802.1X best practices.

https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

ahollifield · ‎06-03-2024

https://www.ise-support.com/cisco-ise-nad-configuration-templates/