Ciso ISE 3.0 configuration issue

rahul.k1 · ‎05-23-2022

Hello team ,

I tried to set up a CIsco ISE version 3.0 within an existing topology where we have already been using ISE version 2.7 .

following actions are performed for the deployment of Cisco ISE 3.0

Installation and basic configuration of cisco ISE in VMware
LDAP integration with ISE
Added their Network access devices(two 2960-x switches) to ISE 3.0 (these switches already running ise 2.7)
Configured Wired, MAB policy for agentless posturing
Added test endpoint (one) into for testing purpose
Endpoint login configuration under Windows Local user in ISE is successful for agentless posture
Windows 10 Endpoint Configuration for identified Test Endpoint
Switch configuration

Got successful ping from test pc to Ise 3.0 and vice versa but the testpc is not authenticated with ise 3.0 and couldn't get the radius logs.

please help me out to get the solution

UdupiKrishna · ‎05-23-2022

Has the switch been configured properly to perform dot1x auth on the connected port. Whats the dot1x status on the interface? Have you tried looking at the logs on switch e.g. RADIUS. Enable dot1x debug on the switch if necessary and run your tests.

Here's a guide explaining commands needed to enable dot1x on a Cisco switch - https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb5635-configure-global-802-1x-properties-on-a-switch-through-the-c.html

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/sw8021x.html#82067