This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
we are deploying a new PoC enviroment and we are running in a strange problem. It seems that counter for the active endpoints is not incrementing.
3 nodes of ISE in PAN failover running version 2.2 and an external web server with the scope to create guest user using API integration.
When the guest user is authenticated from guest DB on ISE, we are able to see the authentication session on ISE from "Operation --> Radius --> Live Logs and Live Session", but under "Context Visibility -- Endpoints -- Authentication" all endpoints are in disconnected or null status.
I can also see that the session status in Live session tab is always setted in "Started" or "Terminated" value.
Is anybody experiencing the same our problem? Is status session correct or we should have different value?
Solved! Go to Solution.
RADIUS Accounting is how ISE tracks the sessions and performs licensing counts.
I suspect that you are not sending RADIUS Accounting information from your NADs to ISE.
aaa accounting dot1x default start-stop group ISE-Group
IF it persists, verify you are using a validated version of NAD software from the Cisco Identity Services Engine Network Component Compatibility, Release 2.2 - Cisco
if, on ISE, I go in Operations -- Reports -- Endpoint and Users -- RADIUS Accounting I am able to see some logs from Accounting process (you can find an example below).
My NAD is WLC 5508 running version 8.2.130, and on SSID I have configured as accounting servers all PSN nodes in the same order of authentication servers.
I checked also that Accounting is enabled in Logging Categories List and it is collecting logs from LogCollector and LogCollector2.
11004 Received RADIUS Accounting-Request
11017 RADIUS created a new session
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15004 Matched rule
22083 User/group session counters incremented on accounting start
11005 Returned RADIUS Accounting-Response
Got exactly the same problem.
My WLC is 8.0.152 and there is no indication for RADIUS>Accounting there will be any Interim Update checkbox. Might my firmware to old, what do you think ?
can this command be used with Tacacs+ instead of Radius as well?
aaa accounting dot1x default start-stop group TACACS-Server-GROUP