03-09-2023 01:36 AM - edited 03-09-2023 01:44 AM
is there any update on ISE configuration on ios xe switches from old ios switch ? I am facing issue regarding authentication in cat 9ks.
i replicate my old ios configuration on the new ios xe switches and from the switch client to getting authenticate.
aaa new-model
!
!
aaa group server radius ISE_RADIUS
server-private 172.16.1.150 key cisco
aaa authentication dot1x default group ISE_RADIUS
aaa authorization network default group ISE_RADIUS
aaa server radius dynamic-author
client 172.16.1.150 server-key cisco
03-09-2023 03:35 AM
You need to define you server somehow. you reference a server group called ISE_RADIUS with a server, but the server is not defined?
aaa new-model
aaa authentication login default local
aaa authentication login AAA group radius local
aaa authorization exec default local
aaa authorization exec AAA group radius local
aaa session-id common
radius server RADIUS01
address ipv4 8.8.8.8 auth-port 1645 acct-port 1646
key RADIUSKEY
03-09-2023 03:43 AM
you can find an exaple here: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-6/configuration_guide/sec/b_176_sec_9300_cg/configuring_authentication.html
Device> enable
Device# configure terminal
Device(config)# aaa new-model
Device(config)# radius server radserver
Device(config-sg-radius)# address ipv4 radius-host
Device(config-sg-radius)# key myRaDiUSpassWoRd
Device(config-sg-radius)# exit
Device(config)# radius-server configure-nas
Device(config)# username root password ALongPassword
Device(config)# aaa authentication ppp dialins group radius local
Device(config)# aaa authentication login admins local
Device(config)# aaa authorization network default group radius local
Device(config)# aaa accounting network default start-stop group radius
Device(config)# aaa processes 16
Device(config)# line 1 16
Device(config-line)# autoselect ppp
Device(config-line)# autoselect during-login
Device(config-line)# login authentication admins
Device(config-line)# modem dialin
Device(config-line)# exit
Device(config)# interface gigabitethernet 1/2/0
Device(config-if)# group-range 1 16
Device(config-if)# encapsulation ppp
Device(config-if)# ppp authentication pap dialins
Device(config-if)# end
03-09-2023 03:48 AM
check cat 9300 config guide :
there are also templates here :
https://www.ise-support.com/cisco-ise-nad-configuration-templates/
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide