Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2059
Views
2
Helpful
0
Comments

Cisco SG500 Switch Configuration for ISE

ldanny
Cisco Employee
Cisco Employee

‎11-02-2017 01:35 AM - edited ‎02-21-2020 10:02 PM

 

Switch Configuration for 802.1X and Dynamic VLANs

dot1x system-auth-control
encrypted radius-server host 10.10.100.151 key <XXXXXXXX>
radius-server host source-interface vlan<#>
aaa authentication enable authorization default radius
aaa accounting dot1x start-stop group radius

interface gigabitethernet1/1/2
dot1x authentication 802.1x mac
dot1x radius-attributes vlan static
dot1x port-control auto                       
spanning-tree portfast
switchport mode access

 

ISE Settings

SG500 does not send the service type so we match only the Radius attribute NAS-Port-Type to meet 802.1X wired condition

 

Authorization Profile for Dynamic VLANs

By default the “Tag ID” is set to “1”, in this case it needs to be set to “0” as shown below.
The “ID/Name 402” is an example of a random vlan number that was used for the sake of this demonstration, you may set it as required.

 

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents