White Paper
© 2015 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information
Page 12 of 19
White Paper
Sample AAA Config
>>>
!
!
aaa authentication login default none
aaa authentication dot1x default group ISE
aaa authorization exec default none
aaa authorization network default group ISE
aaa accounting auth-proxy default start-stop group ISE
aaa accounting dot1x default start-stop group ISE
aaa accounting delay-start all
aaa accounting update periodic 120
!
!
aaa server radius dynamic-author
client 172.25.51.8 server-key cisco
!
!
radius server ISE
address ipv4 172.25.51.8 auth-port 1812 acct-port 1813
timeout 2
retransmit 3
pac key cisco
!
!
aaa group server radius ISE
server name ISE
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 31 mac format ietf upper-case
radius-server attribute 31 send nas-port-detail mac-only
radius-server retransmit 5
radius-server accounting system host-config
radius-server deadtime 10
radius-server dead-criteria time 5 tries 3
!
>>>
Configure CTS Credentials from enable promt for CTS Dot1x links / NDAC:
Switch# cts credentials id <device ID> password <password>