https://community.cisco.com/t5/network-access-control/cisco-ise-radius-live-log-is-empty/m-p/4839746#M581878 <P>I have built a 0home virtual lab and it comprises the following devices: CISCO ISE 3.2, Windows Server with CA,AD,DNS roles, and an access switch serving as NTP and NAD.</P><P>ISE and AD are integrated.</P><P>ISSUE:&nbsp;</P><P>when i test RADIUS authentication on the switch using&nbsp; #test aaa group &lt;ISEGROUP&gt; &lt;username&gt; &lt;password1&gt; new-code,&nbsp;</P><P>i get&nbsp;User successfully authenticated message which is OK,&nbsp;</P><P>However, i can't see the live sessions/logs ISE, It is empty.&nbsp;</P><P>in an attempt to resolve the issue: I have disabled "<SPAN>ISE Messaging Service", generated CSR for ise messaging, and re-enabled ISE messaging, but it couldn't work.&nbsp;</SPAN></P><P><SPAN>Below are my radius configs on the switch: </SPAN></P><P>aaa new-model<BR />aaa group server radius ISEGROUP<BR />server name ISESERVER<BR />ip radius source-interface Vlan1</P><P>aaa authentication dot1x default group ISEGROUP<BR />aaa authorization network default group ISEGROUP<BR />aaa authorization auth-proxy default group ISEGROUP<BR />aaa accounting update periodic 5<BR />aaa accounting dot1x default start-stop group ISEGROUP<BR />aaa accounting system default start-stop group ISEGROUP</P><P>aaa server radius dynamic-author<BR />client 192.168.48.2 server-key PasswordISE<BR />aaa session-id common</P><P>ip name-server 192.168.48.11<BR />ip device tracking</P><P>!<BR />dot1x system-auth-control<BR />!<BR />interface Vlan1<BR />ip address 192.168.48.254 255.255.255.0<BR />!<BR />ip default-gateway 192.168.48.4<BR />radius-server attribute 6 on-for-login-auth<BR />radius-server attribute 6 support-multiple<BR />radius-server attribute 8 include-in-access-req<BR />radius-server attribute 25 access-request include<BR />radius-server attribute 31 send nas-port-detail<BR />radius-server dead-criteria time 5 tries 3<BR />radius-server cache expiry 1<BR />radius-server vsa send accounting<BR />radius-server vsa send authentication<BR />!<BR />radius server ISESERVER<BR />address ipv4 192.168.48.2 auth-port 1812 acct-port 1813<BR />key PasswordISE</P><P><SPAN>&nbsp;</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Sun, 21 May 2023 14:21:02 GMT Tiroyaone72926925 2023-05-21T14:21:02Z https://community.cisco.com/t5/network-access-control/cisco-ise-radius-live-log-is-empty/m-p/4839746#M581878 <P>I have built a 0home virtual lab and it comprises the following devices: CISCO ISE 3.2, Windows Server with CA,AD,DNS roles, and an access switch serving as NTP and NAD.</P><P>ISE and AD are integrated.</P><P>ISSUE:&nbsp;</P><P>when i test RADIUS authentication on the switch using&nbsp; #test aaa group &lt;ISEGROUP&gt; &lt;username&gt; &lt;password1&gt; new-code,&nbsp;</P><P>i get&nbsp;User successfully authenticated message which is OK,&nbsp;</P><P>However, i can't see the live sessions/logs ISE, It is empty.&nbsp;</P><P>in an attempt to resolve the issue: I have disabled "<SPAN>ISE Messaging Service", generated CSR for ise messaging, and re-enabled ISE messaging, but it couldn't work.&nbsp;</SPAN></P><P><SPAN>Below are my radius configs on the switch: </SPAN></P><P>aaa new-model<BR />aaa group server radius ISEGROUP<BR />server name ISESERVER<BR />ip radius source-interface Vlan1</P><P>aaa authentication dot1x default group ISEGROUP<BR />aaa authorization network default group ISEGROUP<BR />aaa authorization auth-proxy default group ISEGROUP<BR />aaa accounting update periodic 5<BR />aaa accounting dot1x default start-stop group ISEGROUP<BR />aaa accounting system default start-stop group ISEGROUP</P><P>aaa server radius dynamic-author<BR />client 192.168.48.2 server-key PasswordISE<BR />aaa session-id common</P><P>ip name-server 192.168.48.11<BR />ip device tracking</P><P>!<BR />dot1x system-auth-control<BR />!<BR />interface Vlan1<BR />ip address 192.168.48.254 255.255.255.0<BR />!<BR />ip default-gateway 192.168.48.4<BR />radius-server attribute 6 on-for-login-auth<BR />radius-server attribute 6 support-multiple<BR />radius-server attribute 8 include-in-access-req<BR />radius-server attribute 25 access-request include<BR />radius-server attribute 31 send nas-port-detail<BR />radius-server dead-criteria time 5 tries 3<BR />radius-server cache expiry 1<BR />radius-server vsa send accounting<BR />radius-server vsa send authentication<BR />!<BR />radius server ISESERVER<BR />address ipv4 192.168.48.2 auth-port 1812 acct-port 1813<BR />key PasswordISE</P><P><SPAN>&nbsp;</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Sun, 21 May 2023 14:21:02 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-radius-live-log-is-empty/m-p/4839746#M581878 Tiroyaone72926925 2023-05-21T14:21:02Z https://community.cisco.com/t5/network-access-control/cisco-ise-radius-live-log-is-empty/m-p/4839825#M581880 <P>Have you checked the time/timezone on the ISE CLI?.&nbsp;</P> Sun, 21 May 2023 19:00:26 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-radius-live-log-is-empty/m-p/4839825#M581880 SHABEEB KUNHIPOCKER 2023-05-21T19:00:26Z https://community.cisco.com/t5/network-access-control/cisco-ise-radius-live-log-is-empty/m-p/4839863#M581881 <P>Are you perhaps suppressing the logging of "username" (sorry ... I had to ask <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P><STRONG>Administration &gt; System &gt; Logging &gt; Collection Filters</STRONG></P> <P>If not - Is this a standalone ISE node?&nbsp; If you're seeing Queue Link Errors in the Alarms Dashboard, then you should generate a CSR to regenerate the internal ISE Root CA cert. That fixes that. It might be related to the Live Logs.</P> <P>Have you applied any patch to ISE 3.2 ? Patch 2 is out now - worth trying that.</P> Sun, 21 May 2023 20:40:49 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-radius-live-log-is-empty/m-p/4839863#M581881 Arne Bier 2023-05-21T20:40:49Z https://community.cisco.com/t5/network-access-control/cisco-ise-radius-live-log-is-empty/m-p/4840231#M581910 <P>I am rebuilding the server, I will try your suggestion and get back to you</P><P>&nbsp;</P> Mon, 22 May 2023 13:10:50 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-radius-live-log-is-empty/m-p/4840231#M581910 Tiroyaone72926925 2023-05-22T13:10:50Z