https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452345#M537490 <HTML><HEAD></HEAD><BODY><P>I think the authorization profile not getting updated, as it's not considered as an attribute significant to profiling classification. Thanks for the feedback and I will follow it up with our teams.</P></BODY></HTML> Fri, 23 Sep 2016 15:22:19 GMT hslai 2016-09-23T15:22:19Z https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452342#M537487 <HTML><HEAD></HEAD><BODY><P>I am running ISE 2.1 patch 1 and have a "Is this functioning as designed?" question.</P><P></P><P>In the Context Visibility-&gt;Endpoints display there is a two columns which seem to be miscoded.&nbsp; The "Authorization Policy" seems to be showing the "Authentication Policy" result.&nbsp; I always see "Default" in this column which is true for the authentication policy the endpoint hit but definitely not the authorization policy.&nbsp; The "Authorization Profile" is showing the authorization rule name not the authorization profile.&nbsp; There is a difference and a column called authorization profile should show the profile the endpoint hit not the rule name.</P><P></P><P>Are these as designed?</P></BODY></HTML> Thu, 22 Sep 2016 16:30:12 GMT https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452342#M537487 paul 2016-09-22T16:30:12Z https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452343#M537488 <HTML><HEAD></HEAD><BODY><P>It might be a bug as the endpoint I checked has the same info as AllowedProtocolMatchedRule in the endpoint detail. Let me check with our teams.</P></BODY></HTML> Thu, 22 Sep 2016 16:41:40 GMT https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452343#M537488 hslai 2016-09-22T16:41:40Z https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452344#M537489 <HTML><HEAD></HEAD><BODY><P>I found another bug on that Context Visibility screen.&nbsp; You can clearly see in the RADIUS Live Logs that the MAC address has correctly hit my Dot1x Domain Computer rule:</P><P></P><P></P><P></P><P>But Context Visibility shows it hitting the MAB Catch All rule:</P><P></P><P></P><P></P><P>I have a Wired MAB Policy Set and Wired Dot1x Policy Set.&nbsp; So it seems like it is recording the result from the MAB policy set which isn’t correct.&nbsp; The MAC is correctly authenticated via 802.1x from my Dot1x policy set.</P><P></P><P>You can also see the issue I described in the first part of my posting.&nbsp; The “Authorization Policy” is completely wrong and the “Authorization Profile” is showing the rule name not the actual profile name.</P><P></P><P></P><P></P><P>Paul Haferman</P></BODY></HTML> Fri, 23 Sep 2016 13:19:13 GMT https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452344#M537489 paul 2016-09-23T13:19:13Z https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452345#M537490 <HTML><HEAD></HEAD><BODY><P>I think the authorization profile not getting updated, as it's not considered as an attribute significant to profiling classification. Thanks for the feedback and I will follow it up with our teams.</P></BODY></HTML> Fri, 23 Sep 2016 15:22:19 GMT https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452345#M537490 hslai 2016-09-23T15:22:19Z https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452346#M537491 <HTML><HEAD></HEAD><BODY><P>CSCvb46991 VCS mismatch/missing mapping -- authz policy and device id </P><P>CSCvb28481 EP data not updating in Context Visibility UI after CoA/re-auth </P><P></P><P>FYI</P></BODY></HTML> Sat, 24 Sep 2016 04:38:08 GMT https://community.cisco.com/t5/network-access-control/context-visibility-gt-endpoints-in-ise-2-1/m-p/3452346#M537491 hslai 2016-09-24T04:38:08Z