09-02-2016 08:17 AM - edited 03-08-2019 07:17 AM
I am working on a proof of concept to do wired authentication on access-level switches using ISE 2.1. I am working with a 3850 in the lab and despite my best efforts, I am not able to see the switch in my network devices list in ISE. Here are my applicable sections from the switch's config:
aaa new-model
!
!
aaa authentication dot1x default group ise-test
aaa authorization network default group ise-test
aaa authorization auth-proxy default group ise-test
aaa accounting update periodic 5
aaa accounting identity default start-stop group ise-test
!
snmp-server community ise-community RO
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 30 tries 3
!
radius server ise-test
address ipv4 10.1.3.12 auth-port 1812 acct-port 1813
pac key 7 key
What am I missing?
01-31-2017 12:06 PM
3850 is different from 3750 when it comes to dot1x.
you now need to have your authentication events/actions defined in class-map referenced with a service policy attached to the user port.
12-20-2017 06:16 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide