Switch Server RADIUS Config Post SP Node Addition

aavnet89
Level 1

Good morning, good afternoon, good evening,

I am currently in the process of adding an additional Service Policy Node at a branch office, providing first response authentication, locally to site. This node is adopted and synchronising within the distributed deployment.

Current switch configuration has the IP and ports of both the primary and secondary ISE nodes, with a separate encrypted key for each configured responding RADIUS node. I wish to add the third SPN to the configuration, with an encrypted key. My question: Where in the ISE GUI can I add an *additional* RADIUS secret key on an already configured NAD?

Example config:


radius server ISE1
 address ipv4 1.1.1.1 auth-port 1645 acct-port 1646
 key 7 DSDSHJDJKSHAKDKSHKDLKHSAKLDASD

radius server ISE2
 address ipv4 2.2.2.2 auth-port 1645 acct-port 1646
 key 7 DSLKJUDJSALKDJSAJDLKi823797239871DS


radius server NEW-ISE3
 address ipv4 3.3.3.3 auth-port 1656 acct-port 1646
 key 7 ENTERNEWKEYHERE *add to ISE*

With thanks, in advance,

Alex

 

 

3 Replies

Why not just use the same key?  ISE supports up to two different keys for the same NAD but not three.

aavnet89
Level 1

Thanks, ahollifield. An option, I have considered.

To add context, the encrypted key as viewed on the NAD is different for each ISE node configured (primary and secondary respectively), i.e. switch1 has an encrypted key for ISE1 and an encrypted key for ISE2. When reviewing the ISE configuration via the GUI, a singular RADIUS key exists. Yet, both encrypted keys utilise two different hashes, those same hashed keys are configured identically across different switching infrastructure. Is this simply a case that the key (and password) has been hashed twice, and applied on multiple NADs?

 

aavnet89
Level 1

To add context, the encrypted key as viewed on the NAD is different for each ISE node configured (primary and secondary respectively), i.e. switch1 has an encrypted key for ISE1 and an encrypted key for ISE2. When reviewing the ISE configuration via the GUI, a singular RADIUS key exists. Yet, both encrypted keys utilise two different hashes, those same hashed keys are configured identically across different switching infrastructure. Is this simply a case that the key (and password) has been hashed twice, and applied on multiple NADs?
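
Added example, not part of any post in this thread: IOS `key 7` is a reversible encoding rather than a hash. The first two digits are a starting offset into a fixed, publicly documented string and the rest is the secret XORed against it, so one shared secret can appear as different `key 7` strings. The sketch below shows that and checks whether two strings carry the same secret; the function names and sample secret are constructed for illustration.

```python
# Added illustration; the secret and offsets used here are constructed samples.
# Fixed translation string used by IOS "type 7" encoding (publicly documented).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def encode_type7(secret: str, offset: int) -> str:
    """Encode `secret` as a type 7 string for the given starting offset."""
    if not 0 <= offset < len(XLAT):
        raise ValueError("offset out of range")
    data = secret.encode("ascii")
    body = "".join(
        f"{b ^ XLAT[(offset + i) % len(XLAT)]:02X}" for i, b in enumerate(data)
    )
    return f"{offset:02d}{body}"


def _decode_type7(encoded: str) -> bytes:
    """Reverse the encoding: two decimal offset digits, then hex byte pairs."""
    encoded = encoded.strip()
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("not a type 7 string")
    offset = int(encoded[:2], 10)          # ValueError if not decimal digits
    raw = bytes.fromhex(encoded[2:])       # ValueError if not hex
    return bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(raw))


def same_secret(a: str, b: str) -> bool:
    """True when two type 7 strings carry the same shared secret."""
    return _decode_type7(a) == _decode_type7(b)


if __name__ == "__main__":
    secret = "Example-Shared-Secret"       # constructed sample, not from the thread
    for_ise1 = encode_type7(secret, 3)     # as it might show under one radius server
    for_ise2 = encode_type7(secret, 11)    # same secret, different offset
    print(for_ise1)
    print(for_ise2)
    print("strings equal:", for_ise1 == for_ise2)
    print("same secret:  ", same_secret(for_ise1, for_ise2))
```

Because the encoding is reversible, a `key 7` line gives the shared secret no confidentiality, so configuration backups that contain it need the same protection as the plaintext secret.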