08-16-2018 09:33 AM - edited 08-21-2018 11:42 PM
Hello Friends!
We are faced with a strange behaviour of ISE 2.4 patch 2.
In the live session table we have session status Start for every session.
But the sessions complete the authen\author process and stay in Authorized state on the switch, but in Start state on ISE.
It looks like some accounting problem we have, but under Reports>Endpoint&User>Radius Accounting we see all necessary accounting messages Start\Interim-Update\Stop.
Maybe it's because we use IBNS 2.0 instead of the legacy configuration.
Is it normal for IBNS 2.0 with simultaneous MAB and Dot1X under the policy?
Here is my policy-map config:
policy-map type control subscriber IDENTITY-PM
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using dot1x priority 10
   20 authenticate using mab priority 20
 event authentication-failure match-first
  10 class AAA_SVR_DOWN_UNAUTHD_HOST do-until-failure
   5 clear-authenticated-data-hosts-on-port
   10 activate service-template CRITICAL_AUTH_VLAN
   20 activate service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
   25 activate service-template CRITICAL-ACCESS
   30 authorize
   40 pause reauthentication
  20 class AAA_SVR_DOWN_AUTHD_HOST do-until-failure
   10 pause reauthentication
   20 authorize
  30 class DOT1X_NO_RESP do-until-failure
   10 terminate dot1x
  40 class MAB_FAILED do-until-failure
   10 terminate mab
   20 authentication-restart 60
  50 class DOT1X_FAILED do-until-failure
   10 terminate dot1x
   20 authenticate using mab priority 20
  60 class always do-until-failure
   10 terminate dot1x
   20 terminate mab
   30 authentication-restart 60
 event agent-found match-all
  10 class always do-until-failure
   10 terminate mab
   20 authenticate using dot1x priority 10
 event aaa-available match-all
  10 class IN_CRITICAL_AUTH do-until-failure
   10 clear-session
  20 class NOT_IN_CRITICAL_AUTH do-until-failure
   10 resume reauthentication
 event authentication-success match-all
  10 class always do-until-failure
   10 activate service-template INACTIVITY-TIMER
 event inactivity-timeout match-all
  10 class always do-until-failure
   10 unauthorize
 event violation match-all
  10 class always do-until-failure
   10 restrict
Thanks in advance
Tom
09-01-2018 06:55 PM
Nothing wrong with "Started" at all. This means ISE received a RADIUS accounting start for the session.
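The accounting messages this answer refers to, as an added example that is not part of the thread and is not Cisco or ISE code: a small RFC 2866 Accounting-Request parser that records the last Acct-Status-Type seen per Acct-Session-Id. The session IDs and packets are constructed, and the tracker is a generic illustration, not ISE's Live Sessions logic.

```python
import struct

# Acct-Status-Type values from RFC 2866, section 5.1
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44
ACCOUNTING_REQUEST = 4

def parse_accounting(packet: bytes) -> dict:
    """Return {attr_type: value_bytes} for a RADIUS Accounting-Request.
    The Request Authenticator is NOT verified here (that needs the shared secret)."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError(f"not an Accounting-Request (code {code})")
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs

def track(packets, sessions=None) -> dict:
    """Map Acct-Session-Id -> last Acct-Status-Type seen, in arrival order."""
    sessions = {} if sessions is None else sessions
    for pkt in packets:
        attrs = parse_accounting(pkt)
        raw = attrs.get(ACCT_STATUS_TYPE, b"")
        if len(raw) != 4 or ACCT_SESSION_ID not in attrs:
            continue  # not usable for session tracking
        sid = attrs[ACCT_SESSION_ID].decode("ascii", "replace")
        status = struct.unpack("!I", raw)[0]
        sessions[sid] = STATUS.get(status, f"Other({status})")
    return sessions

def build(status: int, sid: str, ident: int = 1) -> bytes:
    """Construct a sample Accounting-Request (zeroed authenticator, test data only)."""
    body = bytes([ACCT_STATUS_TYPE, 6]) + struct.pack("!I", status)
    body += bytes([ACCT_SESSION_ID, 2 + len(sid)]) + sid.encode()
    return struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    # Constructed traffic: one session only started, one started and later stopped
    sample = [build(1, "0A000001"), build(1, "0A000002"), build(3, "0A000002"), build(2, "0A000002")]
    print(track(sample))
```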
08-16-2018 09:00 PM
Well, if it helps, at least you see something in your Live Sessions. I have an escalated TAC case to figure out why I don't see anything. Mine started in patch 1, but patch 2 didn't fix anything in this regard.
08-17-2018 02:55 AM
Hi Paul!
Actually, in Live Logs all looks fine, and the authorization profile is applied.
But in Live Sessions all sessions are still marked as Started.
Looks weird)
Thanks,
Artem
09-10-2018 01:27 AM