Verified TrustSec

In my continued journey with Cisco TrustSec, I now have a verified switch configuration with all the components of basic TrustSec with ISE doing the policy and the switch doing the enforcement.

It was important to me to reach this point, as I now have to remember everything until this point in my practice. That, and I don't have to fumble around a million different blog posts scattered all over the interwebs in order to figure out what to do.


Troubleshooting TrustSec

So today I spent some time setting up Cisco TrustSec on my ISE installation as well as my Catalyst 3650 switch. I did all the mandatory configuration on the switch, including:

  • Setting up ISE / RADIUS with a PAC key.
  • Setting up a CTS authorization list that references the ISE / RADIUS server.
  • Setting up device credentials on the switch.
  • Setting up ISE to allow TLS 1.0 (this is required in order to get a PAC key assigned from ISE).
  • Getting the PAC key on the switch.

Everything was looking good so far, but for the life of me I could not get the environment data from ISE. This was even though ISE said it was sending it back to the switch, which I could verify from the RADIUS Live Logs.
