Cisco ISE: 6. Cisco Switch and ISE unified port configuration

Technology: Network Security
Area: Access and Identity Management
Vendor: Cisco
Software: IOS 12.X, IOS 15.X
Platform: Catalyst 2960-X, Catalyst 3560, Catalyst 3750, Catalyst 3850

 

One of the main advantages of using a central point of network access policy management (Cisco ISE) is the ability to keep a common access port configuration across the network, regardless of location, switch type or connected users. To configure the switch to act as a RADIUS client and to unify the port configuration, follow the configuration template below (adjusted for your network details, passwords etc.). This type of configuration enables 802.1X and MAB access (including wired Guest Portal Authentication).

 

! Enable AAA and use RADIUS (ISE) for 802.1X authentication, authorization and accounting
aaa new-model
aaa authentication dot1x default group radius local
aaa authorization network default group radius
aaa accounting network ISE start-stop group radius

! RADIUS client settings; replace the server addresses and shared key with your own
ip radius source-interface Vlan10
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 2
radius-server host 10.254.4.22 key Cisco123
radius-server host 10.254.4.23 key Cisco123
radius-server deadtime 5
radius-server vsa send accounting
radius-server vsa send authentication
! Enable 802.1X globally
dot1x system-auth-control

! Unified access port: 802.1X and MAB, each host on the port authenticated separately
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 authentication event server dead action reinitialize vlan 10
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication port-control auto
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 3
 spanning-tree portfast
end
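
A consistency check for the template above, as an added example that is not part of the original article: it parses saved "show running-config" text and reports access ports that lack the unified 802.1X/MAB commands, plus RADIUS hosts still using the template's sample key. The function name, the SAMPLE configuration and the choice of required lines are assumptions made for illustration; the parser assumes interface sub-commands are indented, as running-config output prints them.

```python
import re

# Commands from the template above that every unified access port must carry.
PORT_REQUIRED = {"authentication host-mode multi-auth", "authentication port-control auto",
                 "mab", "dot1x pae authenticator"}
GLOBAL_REQUIRED = {"aaa new-model", "dot1x system-auth-control"}
TEMPLATE_KEY = "Cisco123"  # sample shared secret printed in the template
# Constructed sample, laid out like "show running-config" output.
SAMPLE = """\
aaa new-model
radius-server host 10.254.4.22 key Cisco123
dot1x system-auth-control
interface FastEthernet0/1
 switchport mode access
 authentication host-mode multi-auth
 authentication port-control auto
 mab
 dot1x pae authenticator
interface FastEthernet0/2
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit_config(text):
    """Return sorted findings for one saved switch configuration."""
    global_lines, ports, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and current:      # indented: interface sub-command
            ports[current].add(line)
        elif m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            ports[current] = set()
        else:
            current = None
            global_lines.add(line)
    findings = [f"global: missing '{c}'" for c in GLOBAL_REQUIRED - global_lines]
    for g in global_lines:                    # key is only visible if stored in clear text
        if m := re.match(rf"radius-server host (\S+) .*key {TEMPLATE_KEY}$", g):
            findings.append(f"global: template shared secret on {m.group(1)}")
    for name, cmds in ports.items():
        if "switchport mode access" in cmds:  # trunks and routed ports are skipped
            findings += [f"{name}: missing '{c}'" for c in PORT_REQUIRED - cmds]
    return sorted(findings)
```

Calling audit_config(SAMPLE) reports FastEthernet0/2 as missing the multi-auth and mab lines and flags the unchanged shared secret on 10.254.4.22; the trunk port is ignored.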

 