Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
708
Views
0
Helpful
1
Replies

Cisco ISE 2.6 - Policy set cannot detect dot1x or MAB traffic when using library conditions for dot1x or MAB

Go to solution
qualxarnu
Level 1
Level 1

‎07-15-2019 03:49 AM

Hi All,

I'm trying to configure policy sets for dot1x and for MAB in ISE 2.6.
The problem is, when I'm using predefined policies for dot1x or for MAB, ISE doesn't detect that the communication was done by these methods.
I also tried for MAB to set conditions where I had (NAS port type = Ethernet AND Radius service = Call Check) or only Radius service = Call Check, but ISE server also didn't detect, that it's a MAB communication.
Proper detection for MAB works only, when I set the rule, which checks the Calling Station name.

For dot1x ISE matches for example protocols EAP-TLS or EAP-MSCHAPv2
Can someone please give an advise, what can be wrong?

P.S.
As an access switch I'm using Cisco SG300-10PP switch

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎07-15-2019 04:31 AM

SG series switches do not send the service-type attribute in RADIUS requests by default. I’m not sure if there is a setting or something to include this attribute in a RADIUS request either. Would suggest you to check with Small Business TAC.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Surendra
Cisco Employee
Cisco Employee

‎07-15-2019 04:31 AM

SG series switches do not send the service-type attribute in RADIUS requests by default. I’m not sure if there is a setting or something to include this attribute in a RADIUS request either. Would suggest you to check with Small Business TAC.
0 Helpful
Customers Also Viewed These Support Documents