So today I spent some time setting up Cisco TrustSec on my ISE installation as well as my Catalyst 3650 switch. I did all the mandatory configuration on the switch, including:
- Setting up ISE / RADIUS with a PAC key.
- Setting up a CTS authorization list that references the ISE / RADIUS server.
- Setting up device credentials on the switch.
- Setting up ISE to allow TLS 1.0 (this is required in order to get a PAC key assigned from ISE).
- Getting the PAC key on the switch.
Everything was looking good so far, but for the life of me I could not get the environment data from ISE. This was even though ISE said it was sending it back to the switch, which I could verify from the RADIUS Live Logs.
After about 2 hours of searching online and looking at the Bug Search Tool, I decided to check out my RADIUS attributes.
BAM! - right there I had set attribute 6 as “mandatory”. This has been an issue for me in the past with Dot1X. After correcting my mistake and setting it to “on-for-login-auth” and clearing + refreshing environment data, everything worked!
Such a simple mistake causing so much grievance!
Anyways, I leave it here for others to learn from my mistake.
Now i can proceed to the next part in the TrustSec journey!
Take Care!!
/Kim
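
An added example, not part of the original post: a small Python check that scans a saved switch configuration for the combination described above, a CTS authorization list together with RADIUS attribute 6 set to mandatory. The sample configs are constructed, `CTS-LIST` is a placeholder name, and the check assumes the setting appears in the config as `radius-server attribute 6 <mode>`.

```python
import re

# Constructed sample config excerpts (not taken from the post).
# CTS-LIST is a placeholder for the authorization list name.
BEFORE = """\
aaa new-model
cts authorization list CTS-LIST
radius-server attribute 6 mandatory
"""

AFTER = """\
aaa new-model
cts authorization list CTS-LIST
radius-server attribute 6 on-for-login-auth
"""

# Assumed config line forms; an optional leading "no" negates the setting.
ATTR6 = re.compile(r"^(no\s+)?radius-server\s+attribute\s+6\s+(\S+)", re.I)
CTS_LIST = re.compile(r"^cts\s+authorization\s+list\s+(\S+)", re.I)


def audit_attr6(config):
    """Report the attribute 6 modes and CTS list found in a config text.

    'conflict' is True only when a CTS authorization list is configured
    and attribute 6 is set to mandatory, the state the post describes
    as blocking the environment-data download.
    """
    modes = set()
    cts_list = None
    for raw in config.splitlines():
        line = raw.strip()
        m = ATTR6.match(line)
        if m and not m.group(1):  # skip negated "no radius-server ..." lines
            modes.add(m.group(2).lower())
        m = CTS_LIST.match(line)
        if m:
            cts_list = m.group(1)
    return {
        "cts_list": cts_list,
        "attr6_modes": sorted(modes),
        "conflict": cts_list is not None and "mandatory" in modes,
    }


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_attr6(cfg))
```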