10-18-2022 12:01 PM
Hey Guys, I have a test switch I am working with and connected to my ISE server.
It seems to be using PAP for authentication but I want to change that to CHAP or MS-CHAPv1.
I have already done that on the ISE side now I have to do that on the switch but there is no documentation or forum that can assist me with my issue.
I have also tied in AD to the ISE as well. The switches I am working with are 2960 and 9200. The error code is 15024
10-18-2022 12:22 PM
is the question-related user authentication ? or device authentication?
how is your config on the switch?
10-18-2022 12:28 PM
so for the device once I switch the authentication from PAP to CHAP it does not allow access to the switch that has been connected to ISE. the switch us done in the ISE GUI. It seems to be defaulting to PAP but the goal is to be able to switch the authentication on the switch to CHAP or MS-CHAPv1
10-18-2022 02:18 PM
Yes ISE with error you share is indicate that SW use PAP and you need CHAP or MS-CHAPv1.
can you share the config of
aaa auth
10-19-2022 06:19 AM
aaa authentication login VTY group ise-servers local
aaa authentication enable default group ise-servers enable
aaa authorization exec VTY group ise-servers local
aaa authorization config-commands
aaa authorization console
aaa accounting exec default start-stop group ise-servers
aaa accounting system default start-stop group ise-servers
no aaa accounting system guarantee-first
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide