10-13-2014 03:21 AM - edited 03-10-2019 10:06 PM
Hello.
I'm trying to get device-sensor working with a Cisco WS-C3850-24P (03.06.00E IOS 152-2.E) and Cisco ISE 1.2.1.198. I've setup the 3850 and ISE as per the documentation but it looked like ISE wasn't receiving any cdp information from the 3850. I ran a debug on the 3850 that showed the device-sensor working ok (the connected Cisco AP was in the cache) but when a radius accounting packet was sent to ISE, the cdp tlv attributes sent were 'blank'. I've tried applying a cdp filter to the device-sensor but the tlvs sent to ISE are always blank. Am I missing some commands or is this a bug? Config and debug are below.
Thanks
Andy
3850 Config excerpt
aaa accounting dot1x default start-stop group radius
!
device-sensor accounting
device-sensor notify all-changes
!
radius-server vsa send accounting
radius-server vsa send authentication
!
debug
Oct 13 10:22:20.824: DSENSOR: Providing CDP protocol TLV's
Oct 13 10:22:20.824: DSENSOR: Get protocol attr list for cdp
Oct 13 10:22:20.824: DSENSOR: Protocol returned list for cdp
<< cdp-tlv 0 00 21 00 04 00 00 00 00 >>
<< cdp-tlv 0 00 04 00 04 00 00 00 02 >>
<< cdp-tlv 0 00 03 00 0D 46 61 73 74 45 74 68 65 72 6E 65 74 30 >>
<< cdp-tlv 0 00 02 00 04 00 00 00 00 >>
<< cdp-tlv 0 00 06 00 1A 63 69 73 63 6F 20 41 49 52 2D 4C 41 50 31 31 33 31 41 47 2D 45 2D 4B 39 20 20 >>
<< cdp-tlv 0 00 05 00 F1 43 69 73 63 6F 20 49 4F 53 20 53 6F 66 74 77 61 72 65 2C 20 43 31 31 33 30 20 53 6F 66 74 77 61 72 65 20 28 43 31 31 33 30 2D 4B 39 57 38 2D 4D 29 2C 20 56 65 72 73 69 6F 6E 20 31 32 2E 34 28 32 35 65 29 4A 41 4D 32 2C 20 52 45 4C 45 41 53 45 20 53 4F 46 54 57 41 52 45 20 28 66 63 31 29 0A 54 65 63 68 6E 69 63 61 6C 20 53 75 70 70 6F 72 74 3A 20 68 74 74 70 3A 2F 2F 77 77 77 2E 63 69 73 63 6F 2E 63 6F 6D 2F 74 65 63 68 73 75 70 70 6F 72 74 0A 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 38 36 2D 32 30 31 33 20 62 79 20 43 69 73 63 6F 20 53 79 73 74 65 6D 73 2C 20 49 6E 63 2E 0A 43 6F 6D 70 69 6C 65 64 20 4D**MSG 00008 TRUNCATED**
**MSG 00008 CONTINUATION #01** 6F 6E 20 32 39 2D 4A 75 6C 2D 31 33 20 31 31 3A 33 32 20 62 79 20 70 72 6F 64 5F 72 65 6C 5F 74 65 61 6D >>
<< cdp-tlv 0 00 01 00 08 6E 61 76 2D 61 70 2D 33 >>
Oct 13 10:22:20.828: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Oct 13 10:22:20.828: RADIUS/ENCODE: Skip oversized (253 bytes) Cisco VSA cdp-tlv
Oct 13 10:22:20.828: RADIUS/ENCODE(00000000): Unsupported AAA attribute clid-mac-addr
Oct 13 10:22:20.828: RADIUS(00000000): Config NAS IP: 10.31.150.2
Oct 13 10:22:20.828: RADIUS(00000000): sending
Oct 13 10:22:20.829: RADIUS(00000000): Send Accounting-Request to <ISE_IP_ADDRESS>:1646 id 1646/65, len 412
Oct 13 10:22:20.829: RADIUS: authenticator FC 3E 76 AA 4C C9 91 A5 - 34 19 E8 E4 4A E8 F7 20
Oct 13 10:22:20.829: RADIUS: Vendor, Cisco [26] 24
Oct 13 10:22:20.829: RADIUS: Cisco AVpair [1] 18 "cdp-tlv= "
Oct 13 10:22:20.829: RADIUS: Vendor, Cisco [26] 24
Oct 13 10:22:20.829: RADIUS: Cisco AVpair [1] 18 "cdp-tlv= "
Oct 13 10:22:20.829: RADIUS: Vendor, Cisco [26] 33
Oct 13 10:22:20.829: RADIUS: Cisco AVpair [1] 27 "cdp-tlv= "
Oct 13 10:22:20.829: RADIUS: Vendor, Cisco [26] 24
Oct 13 10:22:20.829: RADIUS: Cisco AVpair [1] 18 "cdp-tlv= "
Oct 13 10:22:20.829: RADIUS: Vendor, Cisco [26] 46
Oct 13 10:22:20.829: RADIUS: Cisco AVpair [1] 40 "cdp-tlv= "
Oct 13 10:22:20.829: RADIUS: Vendor, Cisco [26] 28
Oct 13 10:22:20.830: RADIUS: Cisco AVpair [1] 22 "cdp-tlv= "
Oct 13 10:22:20.830: RADIUS: Framed-IP-Address [8] 6 10.31.120.114
Oct 13 10:22:20.830: RADIUS: User-Name [1] 19 "00-1D-45-A9-6B-76"
Oct 13 10:22:20.830: RADIUS: Vendor, Cisco [26] 49
Oct 13 10:22:20.830: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0A1F960200000FC10E63C42E"
Oct 13 10:22:20.830: RADIUS: Vendor, Cisco [26] 18
Oct 13 10:22:20.830: RADIUS: Cisco AVpair [1] 12 "method=mab"
Oct 13 10:22:20.830: RADIUS: NAS-IP-Address [4] 6 10.31.150.2
Oct 13 10:22:20.830: RADIUS: NAS-Port [5] 6 60000
Oct 13 10:22:20.830: RADIUS: NAS-Port-Id [87] 22 "GigabitEthernet1/0/1"
Oct 13 10:22:20.830: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
Oct 13 10:22:20.830: RADIUS: Acct-Session-Id [44] 10 "00000FB7"
Oct 13 10:22:20.830: RADIUS: Class [25] 53
Oct 13 10:22:20.830: RADIUS: 43 41 43 53 3A 30 41 31 46 39 36 30 32 30 30 30 [CACS:0A1F9602000]
Oct 13 10:22:20.831: RADIUS: 30 30 46 43 31 30 45 36 33 43 34 32 45 3A 64 65 [00FC10E63C42E:de]
Oct 13 10:22:20.831: RADIUS: 76 2D 69 73 65 2F 32 30 32 32 34 31 38 31 31 2F [v-ise/202241811/]
Oct 13 10:22:20.831: RADIUS: 31 32 35 [ 125]
Oct 13 10:22:20.831: RADIUS: Acct-Status-Type [40] 6 Start [1]
Oct 13 10:22:20.831: RADIUS: Event-Timestamp [55] 6 1413192140
Oct 13 10:22:20.831: RADIUS: Acct-Delay-Time [41] 6 0
08-24-2015 02:09 AM
"so far everything is fine"
everything ? including device sensor ?
02-17-2016 08:05 PM
I seem to be running into this issue on a 3560 (WS-C3560V2-24PS) running C3560 Software (C3560-IPBASEK9-M), Version 15.0(2)SE9. We have a standardized configuration that we have deployed to all switches and Device-Sensor seems to work fine in my of environment. I have a case open with TAC to determine if my configuration is incorrect or if there is a bug. If there is a work around or fix I will post.
06-03-2019 03:21 PM - edited 06-03-2019 03:30 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide