01-29-2018 08:19 PM
I am seeing a lot of these lately ... I did a Google search and I saw a comment from the Support Forum that it relates to clients that were being suppressed, and are now authenticating again. I have no idea what that means ... and the LiveLog detail below doesn't tell me which client or endpoint has been 'fixed'.
Any clues? The image below has not been edited - it's a straight copy and paste.
01-30-2018 06:49 AM
Arne-
Which version of ISE are you running?
If you click on the "Misconfigured Supplicant" alarm from the home page, it will give you a lot more information; see the example below:
Endpoint Id: 14:B0:1F:20:F0:10
Username: 14:B0:1F:20:F0:10
Radius Username: 14:B0:1F:20:F0:10
Network Device Name: Switch name
Access Type: All Device Types#Switches
Location: All Locations#Department
NAS IP: x.x.x.x
15039 Rejected per authorization profile
Selected Authorization Profile contains ACCESS_REJECT attribute
Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule.
Check the appropriate Authorization policy rule-results.
The "silent" means that it has been a quiet device and there is no real impact. You may want to check the "Anomalous Client Suppression" settings for the version you are using.
HTH
Vince
01-30-2018 11:37 AM
Hi Vince
Using 2.3 patch 1 in production. Not patched to patch 2 yet.
I’ll have a look at my settings. But I was mostly questioning the quite useless LiveLog entry that doesn’t tell me what endpoint it’s referring to.
Does your version populate the endpoint for that LiveLog entry, which then correlates to the Alarm data you mentioned?
01-30-2018 01:26 PM
Arne-
I am running 2.3 patch 2, but I do not even see those events in my Radius live logs.
I go into the Alarm panel from home and view the events through there. That is where all the details show.
Vince
02-03-2018 03:40 PM
CSCvg36508 is an existing defect. It will take about 1 day for review before it is externally accessible, as I just updated it.
It's addressed in ISE 2.4 only at the moment.
06-08-2018 05:20 AM
I'm using ISE 2.4 but I got this message too while trying to test BYOD with an Android device and Cisco WLC 2504.
I checked the WLC and enabling/disabling the features on the WLC had no effect. How can I get rid of this problem?
06-08-2018 06:10 AM
In your case, the report has an endpoint ID. Thus, it's not the same.
Please run RADIUS error report and RADIUS auth report on that endpoint ID. If that is not giving you enough info, please engage Cisco TAC.
04-28-2023 08:41 AM - edited 04-28-2023 08:54 AM
Found good information regarding this functionality in the following link:
https://www.networkworld.com/article/3053669/troubleshooting-ciscos-ise-without-tac.html