US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43


Grandmetric LTD
Office 584b
182-184 High Street North
E6 2JA
+44 20 3321 5276

  • en
  • pl
  • Cisco Switch and ISE unified port configuration

    Design & Configure

    Cisco Switch and ISE unified port configuration

    Technology: Network Security
    Area: Access and Identity Management
    Vendor: Cisco
    Software: IOS 12.X, IOS 15.X
    Platform: Catalyst 2960-X, Catalyst 3560, Catalyst 3750, Catalyst 3850


    The one of main advantages of using central point of network access policy management (Cisco ISE) is possibility of keeping common access ports configuration across the network regardless location, switch type and users connected. To configure the switch to act as a radius client and port to be unified follow the below configuration template (with respect to your network details, passwords etc.). This type of configuration enables 802.1X and MAB type access (including wired Guest Portal Authentication).


    aaa new-model
    aaa authentication dot1x default group radius local
    aaa authorization network default group radius
    aaa accounting network ISE start-stop group radius

    ip radius source-interface Vlan10
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 5 tries 2
    radius-server host key Cisco123
    radius-server host key Cisco123
    radius-server deadtime 5
    radius-server vsa send accounting
    radius-server vsa send authentication
    dot1x system-auth-control

    interface FastEthernet0/1
    switchport access vlan 10
    switchport mode access
    authentication event server dead action reinitialize vlan 10
    authentication event server alive action reinitialize
    authentication host-mode multi-auth
    authentication port-control auto
    dot1x pae authenticator
    dot1x timeout tx-period 3
    spanning-tree portfast

    Author: Marcin Bialy