Radius authentication with ISE and Nexus 7k

Manish Patel
Level 1

Hi

I am trying to assign the right role for a user who authenticates to a Nexus 7k switch via RADIUS. I am using Cisco ISE version 1.1.1.268 and the Nexus version is 5.0.2.

I have created a role on the Nexus:

role name network-XXX

  rule 2 permit read

  rule 1 permit command show running-config

On the ISE, I have created an authorization profile:

Cisco:cisco-av-pair= shell:roles*"network-XXX"

On the ISE authentication result, I can see that "network-XXX" is passed on to the Nexus, but the switch fails to understand it and doesn't allow me to issue the command show running-config.

I have tried various iterations of the ISE attribute, i.e.:

shell:roles*"network-operator network-XXX"

shell:roles=network-XXX

shell:roles*"network-XXX vdc-admin"

None of them seem to work.

Anyone with any ideas?

2 Replies

harvisin
Level 3

Hello Manish,

The switch that you have deployed, i.e. the Nexus 7k series, does not support the features of ISE 1.1.1. For your reference, please go through the link below:

http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html

Hello Harvisin,

Does Nexus support RADIUS authentication with ISE 1.3? All the access switches we have integrated for AAA/RADIUS authentication with ISE.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/compatibility/ise_sdt.html

Nexus is not reflected in the above ISE 1.3 compatibility matrix chart.

Regards,
Deepu