Our fresh ISE 2.4 with Patch 1 installed is not identifying the Radius attributes correctly anymore.

Oberving the Authentications coming from a foreign WLC for WPA2/802.1X Guest Wlan show

"NAS Port Type" 19 instead of "Wireless - IEEE 802.11"

and

"Service Type" 2 instead of "Framed"

--> in Live Logs "Auth Method" shows "2"...

--> this leads ISE is not identifying the smart condition "Wireless_802.1X" anymore!!

Authentication is enabled via PEAP and works, but Policy Set will not be considered by ISE if i let Wireless_802.1X as condition set.

is this a bug?

Can someone clarify the WLAN-configuration and differences for the WLC's is correct as follows (rest is standard) as i think there could be the problem:

Security > AAA Servers > AAA Authentication enabled for WLAN on foreign WLC and also on the Anchor WLC? Or should it be disabled on Anchor?

Security > AAA Servers > AAA Accounting for WLAN only enabled on foreign WLC with Interim Update Set to 0 (Clients are not roaming here, only one foreign WLC present) and Accounting for WLAN not enabled on Anchor WLC

Advanced > Radius Client Profiling enabled on foreign WLC only

Advanced > DHCP Addr.Assignment set to required on both foreign WLC and Anchor WLC (Achor does DHCP)

Session timout is enabled for the WLAN on both WLCs to 43200secs

Security > Layer 2> Authentication Key Management > FT 802.1X is enabled on foreign WLC  but not Anchor...but i don't know what that means really.