I am seeing a lot of these lately ... I did a Google search and I saw a comment from the Support Forum that it relates to clients that were being suppressed, and are now authenticating again. I have no idea what that means ... and the LiveLog detail below doesn't tell me which client or endpoint has been 'fixed'.
Any clues? The image below has not been edited - it's a straight copy and paste.
Which version of ISE are you running?
If you click on the "Misconfigured Supplicant" alarm from the home page, it will give you a lot more information; see the example below:
Endpoint Id: 14:B0:1F:20:F0:10
Radius Username: 14:B0:1F:20:F0:10
Network Device Name: Switch name
Access Type: All Device Types#Switches
Location: All Locations#Department
NAS IP: x.x.x.x
15039 Rejected per authorization profile
Selected Authorization Profile contains ACCESS_REJECT attribute
Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule.
Check the appropriate Authorization policy rule-results.
The "silent" means that it has been a quiet device and there is no real impact. You may want to check the "Anomalous Client Suppression" settings for the version you are using.
Using 2.3 patch 1 in production. Not patched to patch 2 yet.
I’ll have a look at my settings. But I was mostly questioning the quite useless LiveLog entry that doesn’t tell me what endpoint it’s referring to.
Does your version populate the endpoint for that LiveLog entry, which then correlates to the Alarm data you mentioned?
I am running 2.3 patch 2, but I do not even see those events in my RADIUS live logs.
I go into the Alarm panel from home and view the events through there. That is where all the details show.
CSCvg36508 is an existing defect. It will take about 1 day for review before it is externally accessible, as I just updated it.
It's addressed in ISE 2.4 only at the moment.
I'm using ISE 2.4 but I got this message too while trying to test BYOD with an Android device and Cisco WLC 2504.
I checked the WLC and enabling/disabling the features on the WLC had no effect. How can I get rid of this problem?
In your case, the report has an endpoint ID. Thus, it's not the same.
Please run the RADIUS error report and the RADIUS auth report on that endpoint ID. If that is not giving you enough info, please engage Cisco TAC.