Solved: Re: SDA Trustsec Issues

mattw · ‎11-10-2022

Hello!

I'm setting up a new SDA environment for a customer. They have DNAC 2.3.3.5, ISE 3.1p3, 9500 borders running 17.6.4 and WS-C3650-12X48FD edge switches running 16.12.3s (currently only 2x test edge switches).

I noticed in the ISE RADIUS live logs there are multiple CTS errors for both switches (see attached).

Looks like the switch is trying to communicate with ISE using an unsupported SSL/TLS version which is causing the handshake to fail?

Any idea where I go from here?

I checked Settings > Security settings and these are set to (what I guess are) their defaults: TLS 1.0 and SHA1 ciphers disabled and everything else enabled.

Many thanks in advance!

Matt.

ahollifield · ‎11-10-2022

TLS 1.0 is required for TrustSec

View solution in original post

ahollifield · ‎11-10-2022

TLS 1.0 is required for TrustSec

mattw · ‎11-10-2022

Hi @ahollifield,

Thank you for confirming. I did end up enabling TLS 1.0 which kicked it into life. Seems bonkers in today's day and age??

ahollifield · ‎11-11-2022

Agree, it's a really common complaint among my customers.