Solved: RADIUS attribute

Ping Zhou · ‎03-13-2018

Hi Experts,

I have Cat3750 V2 running 12.2.55 and doing dACL. I'm getting the following message on ISE 1.4p11. the same switch config,..well, highly similar config...works on Cat3650 running 3.6.7E.

Is this some sort of NAD/ISE compatibility issue? or some radius-server attribute command I need to add on Cat 3750V2?

"""

11025

The Access-Request for the requested dACL is missing a cisco-av-pair attribute

with the value aaa:event=acl-download. The request is rejected

"""

Thanks!

Ping Zhou · ‎03-13-2018

Okay... just found out...these 2 commands were missed. The reason why one switch worked is because "Beginning from Cisco IOS version 15.2(1)E / XE 3.5.0E , the VSA commands are enabled by default."

Demystifying RADIUS Server Configurations - Cisco

radius-server vsa send accounting

radius-server vsa send authentication

View solution in original post

Ping Zhou · ‎03-13-2018

Okay... just found out...these 2 commands were missed. The reason why one switch worked is because "Beginning from Cisco IOS version 15.2(1)E / XE 3.5.0E , the VSA commands are enabled by default."

Demystifying RADIUS Server Configurations - Cisco

radius-server vsa send accounting

radius-server vsa send authentication

hslai · ‎03-13-2018

Many thanks for finding out the answer yourself and sharing it.

Last time I used 12.2(55) or 15.0(2)SE was 4 years ago and I would not have not remember this.

pavank2 · ‎02-26-2021

thanks, it really helped