06-21-2021 09:12 AM - edited 06-21-2021 09:19 AM
Hi,
I am configuring NAC on a customers site. We are now rolling NAC out to all branches.
I am configuring the radius servers on the switch
aaa group server radius ISE
server name ise01
server name ise02
ip radius source-interface vlan 2
!
exit
aaa authentication dot1x default group ISE
aaa authorization network default group ISE
aaa accounting update newinfo periodic 5
aaa accounting identity default start-stop group ISE
aaa accounting system default start-stop group ISE
aaa authorization console
aaa authorization config-commands
!
radius server ise01
address ipv4 1.1.1.1 auth-port 1812 acct-port 1813
key cisco123
!
radius server ise02
address ipv4 2.2.2.2 auth-port 1812 acct-port 1813
key cisco123
!
radius-server dead-criteria time 10 tries 5
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf upper-case
radius-server vsa send authentication
radius-server vsa send accounting
radius-server deadtime 5
!
aaa server radius dynamic-author
client 1.1.1.1 server-key cisco123
client 2.2.2.2 server-key cisco123
!
When I am configuring the key for the radius server, I get the following.
WARNING: Command has been added to the configuration using a type 0 password. However, type 0 passwords will soon be deprecated. Migrate to a supported password type
How should I configure the radius server on the switch so an IOS upgrade will not cause this to fail.
Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 54 WS-C2960X-48FPS-L 15.2(7)E3 C2960X-UNIVERSALK9-M
Solved! Go to Solution.
06-21-2021 10:10 AM
Hi @Anthony O'Reilly ,
please check the following post: 3850 FUJI 16.9 code TACACS+ configuration, search for: key config-key password-encrypt.
Hope this helps !!!
06-21-2021 10:10 AM
Hi @Anthony O'Reilly ,
please check the following post: 3850 FUJI 16.9 code TACACS+ configuration, search for: key config-key password-encrypt.
Hope this helps !!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide