cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2194
Views
5
Helpful
2
Replies
Manish Patel
Beginner

Radius authentication with ISE and Nexus 7k

Hi

i am trying to assign a right role for a user who authenticates to nexus 7k switch via radius. i am using cisco ISE version 1.1.1.268 and the nexus version is    5.0.2

I have created a role on nexus

role name network-XXX

  rule 2 permit read

  rule 1 permit command show running-config

on the ise , i have created an authorization profile :

Cisco:cisco-av-pair= shell:roles*"network-XXX"

on the ise authentication result , i can see that the "network-XXX" is passed on to Nexus, but the switch fails to understand it and doesnt allow me to issue the command show running-config.

i have tried various iterations on ISE attribute. i.e

shell:roles*"network-operator network-XXX"

shell:roles=network-XXX

shell:roles*"network-XXX vdc-admin"

none of them seem to work.

Any one with any ideas?

2 REPLIES 2
harvisin
Participant

Hello Manish,

The switch that you hev deployed i.e Nexus 7k series, does not support the features of ISE 1.1.1. For your reference please go through the link below:-

http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html

Hello Harvisin,

Do Nexus support radius authentication with ISE 1.3??. All the access switches we have integrated for

for AAA/Radius authentication with ISE.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/compatibility/ise_sdt.html

Nexus are not reflecting in the above ISE 1.3 compatibility matrix chart.

Regards,
Deepu

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube