Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2215
Views
10
Helpful
2
Replies

The correct way to configure radius groups for Dot1X

Go to solution
SMD28316
Level 1
Level 1

‎10-24-2021 02:39 PM - edited ‎10-24-2021 04:31 PM

I am confused about RADIUS groups, for Dot1X I would like to add my RADIUS servers by IP to ISE group, like this:

aaa group server radius ISE
 server <ip_address_1> auth-port 1812 acct-port 1813
 server <ip_address_2> auth-port 1812 acct-port 1813
 deadtime 3
!

My question is how do I add the RADIUS keys? Do I have to configure the RADIUS servers again like this:

radius-server host <ip_address> auth-port 1812 acct-port 1813 key <KEY>

If so what is the point of adding the servers by IP to the radius group? if I configured the radius server as in the second command, will it be in the default RADIUS group as well?

 

 

1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎12-13-2021 01:50 PM

https://cs.co/ise-resources > ISE Secure Wired Access Prescriptive Deployment Guide

 

aaa new-model
aaa session-id common
!
radius server ISE01
 address ipv4 172.20.254.21 auth-port 1812 acct-port 1813
 automate-tester username test-user ignore-acct-port probe-on
 key ISEisC00L
!
radius server ISE02
 address ipv4 172.20.254.22 auth-port 1812 acct-port 1813
 automate-tester username test-user ignore-acct-port probe-on
 key ISEisC00L
!

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-25-2021 02:15 AM - edited ‎10-25-2021 02:15 AM

I follow as below :

 

radius server ISE1
 address ipv4 ip address of ISE 1  auth-port 1812 acct-port 11813
 key SECRET
radius server ISE2
 address ipv4 ip address of ISE 2  auth-port 1812 acct-port 11813
 key SECRET

Add a AAA Group for RADIUS referencing the ISE server

aaa group server radius ISE-Group
server name ISE1
server name ISE2

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
thomas
Cisco Employee
Cisco Employee

‎12-13-2021 01:50 PM

https://cs.co/ise-resources > ISE Secure Wired Access Prescriptive Deployment Guide

 

aaa new-model
aaa session-id common
!
radius server ISE01
 address ipv4 172.20.254.21 auth-port 1812 acct-port 1813
 automate-tester username test-user ignore-acct-port probe-on
 key ISEisC00L
!
radius server ISE02
 address ipv4 172.20.254.22 auth-port 1812 acct-port 1813
 automate-tester username test-user ignore-acct-port probe-on
 key ISEisC00L
!

 

0 Helpful
Customers Also Viewed These Support Documents