cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1099
Views
4
Helpful
9
Replies
Enthusiast

Network Access:ISE Host Name Condition

Hello,

I'm struggling to get the "Network Access:ISE Host Name EQUALS <ISEHOSTNAME>"  condition to work fur Guest Portal Redundancy.

I understand it is case sensitive and I have tried Match and Contain but still it does not match.

Read through this document, ISE with Static Redirect for Isolated Guest Networks Configuration Example - Cisco

with no joy.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Network Access:ISE Host Name Condition

Did you test it working with an earlier ISE release?

You may DEBUG on epm-pdp, epm-pip, and nsf-session, and then check ise-psc.log

9 REPLIES 9
Cisco Employee

Re: Network Access:ISE Host Name Condition

Hi,

Could you try “Starts With” and see if it matches?

Regards,

-Tim

Enthusiast

Re: Network Access:ISE Host Name Condition

Hi Tim, I tried this too and no joy.

It is only a 2 node deployment and is definitely the correct node as I can see it in the Live Authentication details tab for client as Policy Server.

Cisco Employee

Re: Network Access:ISE Host Name Condition

Which version of ISE are you using?

Regards,

-Tim

Enthusiast

Re: Network Access:ISE Host Name Condition

Very latest 2.1 Patch 1  (2.1.0.474) Patch 1

Cisco Employee

Re: Network Access:ISE Host Name Condition

Did you test it working with an earlier ISE release?

You may DEBUG on epm-pdp, epm-pip, and nsf-session, and then check ise-psc.log

Enthusiast

Re: Network Access:ISE Host Name Condition

Hi Hslai, I received the debugs logs and I could see it was picking up the correct Authorization Policy.

I then went back to the RADIUS live logs and I could see again it was picking up the correct Authorization Policy.

So it is working , perhaps I was mistaking it for Authorization Profile name which is same as the old/duplicate rule.

Just to confirm I am using an attirbute of Network Access: ISE Hostname Equals <ISE HOSTNAME  CASE SENSITVE>

Thanks

Highlighted

Re: Network Access:ISE Host Name Condition

Hi,

Same problem, the condition ISE Hostname Equals <ISE HOSTNAME  CASE SENSITVE> works for only one ISE but not for the other one.

It doesn't work with ISE 2.1 patch 2 neither.

Cisco Employee

Re: Network Access:ISE Host Name Condition

Please open a TAC case if the setup is for production or customers'. In case it's your lab, please share debug log snippets and more details on

works for only one ISE but not for the other one.
Enthusiast

Re: Network Access:ISE Host Name Condition

Hi Thiabault, this actually worked fine for me in the end.

I had reviewed the RADIUS Live Logs incorrectly, it was actually hitting the correct Authorization Rule for ISE2, I was reading the logs wrongly and mistaking the Authentication Rule as being the Authz rule.

If this is for Guest WLC make sure you specific the correct PSN (RADIUS) server configured on your Guest Wireless SSID.

Also use the details tab under via RADIUS Live Logs for more information.

Thanks.