US Region

Grandmetric LLC
Brookfield Place Office
200 Vesey Street
New York, NY 10281
EIN: 98-1615498
Phone: +1 302 691 94 10

EMEA Region

ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43

Cisco Switch and ISE unified port configuration

Design & Configure

Cisco Switch and ISE unified port configuration

Technology: Network Security
Area: Access and Identity Management
Vendor: Cisco
Software: IOS 12.X, IOS 15.X
Platform: Catalyst 2960-X, Catalyst 3560, Catalyst 3750, Catalyst 3850


The one of main advantages of using central point of network access policy management (Cisco ISE) is possibility of keeping common access ports configuration across the network regardless location, switch type and users connected. To configure the switch to act as a radius client and port to be unified follow the below configuration template (with respect to your network details, passwords etc.). This type of configuration enables 802.1X and MAB type access (including wired Guest Portal Authentication).


aaa new-model
aaa authentication dot1x default group radius local
aaa authorization network default group radius
aaa accounting network ISE start-stop group radius

ip radius source-interface Vlan10
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 2
radius-server host key Cisco123
radius-server host key Cisco123
radius-server deadtime 5
radius-server vsa send accounting
radius-server vsa send authentication
dot1x system-auth-control

interface FastEthernet0/1
switchport access vlan 10
switchport mode access
authentication event server dead action reinitialize vlan 10
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 3
spanning-tree portfast

Author: Marcin Bialy