Poland
GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com
Sweden
Drottninggatan 86
111 36 Stockholm
+46 762 041 514
info@grandmetric.com
UK
Grandmetric LTD
Office 584b
182-184 High Street North
London
E6 2JA
+44 20 3321 5276
info@grandmetric.com
US Region
Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com
Technology: Network Security
Area: Access and Identity Management
Vendor: Cisco
Software: IOS 12.X, IOS 15.X
Platform: Catalyst 2960-X, Catalyst 3560, Catalyst 3750, Catalyst 3850
The one of main advantages of using central point of network access policy management (Cisco ISE) is possibility of keeping common access ports configuration across the network regardless location, switch type and users connected. To configure the switch to act as a radius client and port to be unified follow the below configuration template (with respect to your network details, passwords etc.). This type of configuration enables 802.1X and MAB type access (including wired Guest Portal Authentication).
aaa new-model
aaa authentication dot1x default group radius local
aaa authorization network default group radius
aaa accounting network ISE start-stop group radius
ip radius source-interface Vlan10
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 2
radius-server host 10.254.4.22 key Cisco123
radius-server host 10.254.4.23 key Cisco123
radius-server deadtime 5
radius-server vsa send accounting
radius-server vsa send authentication
dot1x system-auth-control
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
authentication event server dead action reinitialize vlan 10
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 3
spanning-tree portfast
end