I am working on a proof of concept to do wired authentication on access-level switches using ISE 2.1. I am working with a 3850 in the lab and despite my best efforts, I am not able to see the switch in my network devices list in ISE. Here are my applicable sections from the switch's config:
aaa authentication dot1x default group ise-test
aaa authorization network default group ise-test
aaa authorization auth-proxy default group ise-test
aaa accounting update periodic 5
aaa accounting identity default start-stop group ise-test
snmp-server community ise-community RO
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
radius server ise-test
address ipv4 10.1.3.12 auth-port 1812 acct-port 1813
pac key 7 key
What am I missing?
3850 is different from 3750 when it comes to dot1x.
you now need to have your authentication events/actions defined in class-map referenced with a service policy attached to the user port.
This helped to find out a solution for the same issue.