Issue CTS on SW2 (i86bi_linux_l2-ipbasek9-ms.high_iron_aug9_2017b.bin)


4 replies to this topic

#1 Oz001


Posted 07 May 2018 - 07:15 PM

Hi all,

I am facing a problem with CTS configuration.

I've configured either on SW2 or ISE.

On the switch side, IOL (i86bi_linux_l2-ipbasek9-ms.high_iron_aug9_2017b.bin): after launching the command CTS credentials id xxx pass xxx, I type sho cts pacs and I get this: No PACs found in the key store.

On the ISE side, in the logs I have this error: 11302 Received Secure RADIUS request without a cts-pac-opaque cisco-av-pair attribute
   5405 RADIUS Request dropped

Trying to figure out whether it is a problem with IOS / ISE or a configuration issue of mine.

Does anyone have an idea about it?


Kindly appreciate any help

Thanks

Regards

Edited by Oz001, 07 May 2018 - 07:17 PM.


#2 tamanz77


Posted 08 May 2018 - 09:10 PM

Hello,

Did you generate the PAC file on ISE and import it to the ASA?
Only after that can you configure CTS on both the ASA and the switch.

#3 maxias


Posted 09 May 2018 - 08:57 AM

Oz001, on 07 May 2018 - 07:15 PM, said:

Hi all,

I am facing a problem with CTS configuration.

I've configured either on SW2 or ISE.

On the switch side, IOL (i86bi_linux_l2-ipbasek9-ms.high_iron_aug9_2017b.bin): after launching the command CTS credentials id xxx pass xxx, I type sho cts pacs and I get this: No PACs found in the key store.

On the ISE side, in the logs I have this error: 11302 Received Secure RADIUS request without a cts-pac-opaque cisco-av-pair attribute
   5405 RADIUS Request dropped

Trying to figure out whether it is a problem with IOS / ISE or a configuration issue of mine.

Does anyone have an idea about it?


Kindly appreciate any help

Thanks

Regards

Hi,
Do you have the "i86bi_linux_l2-ipbasek9-ms.high_iron_aug9_2017b.bin" image?

Please share the image. Thanks in advance.

#4 Oz001


Posted Today, 01:45 PM

Hi Tamanz77, could you please be more clear?

After I imported the PAC created on ISE onto the vASA, I configured SXP on the vASA and vSwitch as follows:


vASA

aaa-server ISE protocol radius
aaa-server ISE (mgmt) host 150.1.7.212
key *****
cts server-group ISE
cts sxp enable
cts sxp default password *****
cts sxp default source-ip 150.1.7.60
cts sxp connection peer 150.1.7.45 source 150.1.7.60 password default mode peer speaker


ASA3/admin# sh cts pac

  PAC-Info:
    Valid until: May 11 2028 21:52:10
    AID:         092241a970f8b469bba28c7baaa4437c
    I-ID:        ASA3
    A-ID-Info:   ISE
    PAC-type:    Cisco Trustsec
  PAC-Opaque:


ASA3/admin# cts refresh environment-data
Environment data update in progress


ASA3/admin# sh cts  environment-data
CTS Environment Data
====================
Status:                    Not Present
Last download attempt:     Failed ----> Here is the problem !
Last update time:          None
Env-data refreshes in:     0:00:00:29 (dd:hr:mm:sec)
Retry timer (60 secs) is running



On vSwitch


cts sxp enable
cts sxp default source-ip 150.1.7.45
cts sxp default password xxxx
cts sxp connection peer 150.1.7.60 source 150.1.7.45 password default mode peer listener hold-time 0

Do we need at least a physical 3750E switch to do that?



Any idea?

Thanks
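
The two `cts sxp connection peer` lines in the post above have to mirror each other (addresses swapped, roles complementary, same password mode). As an added example, not part of the original post or of any Cisco tooling, this Python check parses both ends and lists mismatches; `parse_sxp` and `check_pair` are hypothetical names, the sample strings are constructed from the posted lines with passwords left out, and only lines with an explicit `mode local|peer` keyword are parsed.

```python
import re

# Constructed from the two configurations posted above (passwords omitted).
ASA_CFG = """\
cts sxp enable
cts sxp default source-ip 150.1.7.60
cts sxp connection peer 150.1.7.45 source 150.1.7.60 password default mode peer speaker
"""
SWITCH_CFG = """\
cts sxp enable
cts sxp default source-ip 150.1.7.45
cts sxp connection peer 150.1.7.60 source 150.1.7.45 password default mode peer listener hold-time 0
"""

CONN_RE = re.compile(
    r"^cts sxp connection peer (?P<peer>\S+)(?: source (?P<source>\S+))?"
    r" password (?P<password>default|none) mode (?P<scope>local|peer)"
    r" (?P<role>speaker|listener)\b", re.M)
DEFAULT_SRC_RE = re.compile(r"^cts sxp default source-ip (\S+)", re.M)
OTHER = {"speaker": "listener", "listener": "speaker"}

def parse_sxp(cfg):
    """Return one dict per SXP connection with the LOCAL role resolved."""
    default_src = DEFAULT_SRC_RE.search(cfg)
    conns = []
    for m in CONN_RE.finditer(cfg):
        # "mode peer X" describes the remote end; the local role is the opposite.
        local_role = OTHER[m["role"]] if m["scope"] == "peer" else m["role"]
        source = m["source"] or (default_src.group(1) if default_src else None)
        conns.append({"peer": m["peer"], "source": source,
                      "password": m["password"], "local_role": local_role})
    return conns

def check_pair(cfg_a, cfg_b):
    """List mismatches between the two ends of each SXP connection."""
    problems = []
    for a in parse_sxp(cfg_a):
        match = [b for b in parse_sxp(cfg_b) if b["source"] == a["peer"]]
        if not match:
            problems.append(f"no connection sourced from {a['peer']} on the other device")
            continue
        b = match[0]
        if b["peer"] != a["source"]:
            problems.append(f"{a['peer']} peers with {b['peer']}, expected {a['source']}")
        if a["local_role"] == b["local_role"]:
            problems.append(f"both ends are {a['local_role']}")
        if a["password"] != b["password"]:
            problems.append("password mode differs (default vs none)")
    return problems
```

It covers the SXP peering lines only, not the environment-data download shown in the ASA output.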

#5 Oz001


Posted Today, 02:31 PM

Hi Maxias,

The link for the image:

https://www.4shared.com/s/fxOldDsaJda

Edited by Oz001, Today, 02:32 PM.




