Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
484
Views
2
Helpful
3
Replies

IOS XE ISE configuration

Sasquatch_13
Level 1
Level 1

‎03-09-2023 01:36 AM - edited ‎03-09-2023 01:44 AM

is there any update on ISE configuration on ios xe switches from old ios switch ? I am facing  issue regarding authentication in cat 9ks.

i replicate my old ios configuration on the new ios xe switches and from the switch client to getting authenticate.

 

aaa new-model
!
!
aaa group server radius ISE_RADIUS
server-private 172.16.1.150 key cisco

aaa authentication dot1x default group ISE_RADIUS
aaa authorization network default group ISE_RADIUS

aaa server radius dynamic-author
client 172.16.1.150 server-key cisco

Labels:
0 Helpful
3 Replies 3

rasmus.elmholt
Level 7
Level 7

‎03-09-2023 03:35 AM

You need to define you server somehow. you reference a server group called ISE_RADIUS with a server, but the server is not defined?

 

aaa new-model
aaa authentication login default local
aaa authentication login AAA group radius local
aaa authorization exec default local 
aaa authorization exec AAA group radius local 
aaa session-id common
radius server RADIUS01
 address ipv4 8.8.8.8 auth-port 1645 acct-port 1646
 key RADIUSKEY

rasmus.elmholt
Level 7
Level 7

‎03-09-2023 03:43 AM

you can find an exaple here: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-6/configuration_guide/sec/b_176_sec_9300_cg/configuring_authentication.html

 

Device> enable 
Device# configure terminal
Device(config)# aaa new-model
Device(config)# radius server radserver
Device(config-sg-radius)# address ipv4 radius-host
Device(config-sg-radius)# key myRaDiUSpassWoRd
Device(config-sg-radius)# exit
Device(config)# radius-server configure-nas
Device(config)# username root password ALongPassword
Device(config)# aaa authentication ppp dialins group radius local
Device(config)# aaa authentication login admins local
Device(config)# aaa authorization network default group radius local
Device(config)# aaa accounting network default start-stop group radius
Device(config)# aaa processes 16
Device(config)# line 1 16
Device(config-line)# autoselect ppp
Device(config-line)# autoselect during-login
Device(config-line)# login authentication admins
Device(config-line)# modem dialin
Device(config-line)# exit
Device(config)# interface gigabitethernet 1/2/0
Device(config-if)# group-range 1 16
Device(config-if)# encapsulation ppp
Device(config-if)# ppp authentication pap dialins
Device(config-if)# end

  

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card