03-13-2018 11:12 AM
Hi Experts,
I have Cat3750 V2 running 12.2.55 and doing dACL. I'm getting the following message on ISE 1.4p11. the same switch config,..well, highly similar config...works on Cat3650 running 3.6.7E.
Is this some sort of NAD/ISE compatibility issue? or some radius-server attribute command I need to add on Cat 3750V2?
"""
11025
The Access-Request for the requested dACL is missing a cisco-av-pair attribute
with the value aaa:event=acl-download. The request is rejected
"""
Thanks!
Solved! Go to Solution.
03-13-2018 12:55 PM
Okay... just found out...these 2 commands were missed. The reason why one switch worked is because "Beginning from Cisco IOS version 15.2(1)E / XE 3.5.0E , the VSA commands are enabled by default."
Demystifying RADIUS Server Configurations - Cisco
radius-server vsa send accounting
radius-server vsa send authentication
03-13-2018 12:55 PM
Okay... just found out...these 2 commands were missed. The reason why one switch worked is because "Beginning from Cisco IOS version 15.2(1)E / XE 3.5.0E , the VSA commands are enabled by default."
Demystifying RADIUS Server Configurations - Cisco
radius-server vsa send accounting
radius-server vsa send authentication
03-13-2018 03:25 PM
Many thanks for finding out the answer yourself and sharing it.
Last time I used 12.2(55) or 15.0(2)SE was 4 years ago and I would not have not remember this.
02-26-2021 04:06 PM
thanks, it really helped
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: