04-07-2022 07:34 AM
Dear Community,
Could you please recommend which alert messages will be useful in case of 802.1x and MAB authentication and which could be turned on on the Cisco ISE server?
I assume that I should search some with the RADIUS name, but if all are needed from this group and whether there are some others which could inform mainly why particular host cannot authenticate and identify where the host is connected?
I would appreciate any hints on this topic.
04-07-2022 02:49 PM - edited 04-07-2022 09:32 PM
Hi @qualxarnu
I find it a journey of discovery every time.
This is the link from Cisco documentation that lists all the SYSLOG events that ISE can send.
So I always do the following in the lab:
Use a SYSLOG collector that you like and can use - e.g. Windows tftpd64 - it's easy to install and displays a nice GUI
Configure this collector as a Remote Logging Target in ISE - use UDP/514 to keep it simple.
Then enable ONE ISE Logging event at a time and point that event to your SYSLOG collector - then cause an event (e.g. 802.1X or MAB)
Observe what happens - then disable that event and enable another one.
The typical ones I use to monitor success/failure of RADIUS logins are:
AAA Audit - Failed Attempts
AAA Audit - Passed Authentications
Accounting - RADIUS Accounting
That will give you something to look at.
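To answer the "why did it fail and where is the host connected" part from what the collector receives, the following added example (not part of the original reply and not Cisco code) pulls the relevant attributes out of Failed Attempts syslog lines, including messages that ISE splits into several segments. It assumes the header layout `<pri>time host CISE_category msg_id total_seg seg_num text` and the attribute names shown; the sample lines are constructed and the function names are hypothetical, so compare against what your own collector displays.

```python
import re
from collections import defaultdict

# Assumed header layout: <pri>time host CISE_category msg_id total_seg seg_num text
HEADER = re.compile(r"^<\d+>.*?\s(CISE_\w+) (\d+) (\d+) (\d+) (.*)$")
# key=value pairs separated by ", "; a value may itself contain commas
PAIR = re.compile(r"(?:^|, )([A-Za-z][\w-]*)=(.*?)(?=, [A-Za-z][\w-]*=|$)")
WANTED = ("UserName", "Calling-Station-ID", "NAS-IP-Address", "NAS-Port-Id",
          "FailureReason")

SAMPLE = [  # constructed lines, not captured from a real ISE node
    "<181>Apr  7 14:49:01 ise01 CISE_Failed_Attempts 0000000101 1 0 2022-04-07 14:49:01.120 +00:00 0000004711 5400 NOTICE Failed-Attempt: Authentication failed, UserName=host/pc-17, NAS-IP-Address=10.0.0.2, NAS-Port-Id=GigabitEthernet1/0/12, Calling-Station-ID=00-11-22-33-44-55, FailureReason=12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate",
    # second segment of message 0000000102, delivered first (UDP can reorder)
    "<181>Apr  7 14:50:10 ise01 CISE_Failed_Attempts 0000000102 2 1 tion-ID=AA-BB-CC-DD-EE-FF, FailureReason=22056 Subject not found in the applicable identity store(s)",
    "<181>Apr  7 14:50:10 ise01 CISE_Failed_Attempts 0000000102 2 0 2022-04-07 14:50:10.300 +00:00 0000004712 5400 NOTICE Failed-Attempt: Authentication failed, UserName=AA-BB-CC-DD-EE-FF, NAS-IP-Address=10.0.0.3, NAS-Port-Id=GigabitEthernet1/0/3, Calling-Sta",
    "<181>Apr  7 14:51:00 ise01 CISE_Passed_Authentications 0000000103 1 0 2022-04-07 14:51:00.010 +00:00 0000004713 5200 NOTICE Passed-Authentication: Authentication succeeded, UserName=alice, NAS-IP-Address=10.0.0.2, NAS-Port-Id=GigabitEthernet1/0/7, Calling-Station-ID=00-11-22-33-44-66",
]

def reassemble(lines):
    """Join the segments of each msg_id in seg_num order; yield (category, text)."""
    parts = defaultdict(dict)
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue  # not an ISE-style line, ignore it
        category, msg_id, total, seg, text = m.groups()
        parts[(category, msg_id)][int(seg)] = text
        if len(parts[(category, msg_id)]) == int(total):
            segs = parts.pop((category, msg_id))
            yield category, "".join(segs[i] for i in sorted(segs))

def failed_attempts(lines):
    """Return, per failed authentication, who failed, where, and why."""
    out = []
    for category, text in reassemble(lines):
        if category != "CISE_Failed_Attempts":
            continue
        fields = dict(PAIR.findall(text))
        out.append({k: fields.get(k) for k in WANTED})
    return out

if __name__ == "__main__":
    for row in failed_attempts(SAMPLE):
        print(row)
```

`NAS-IP-Address` and `NAS-Port-Id` identify the switch and port, `Calling-Station-ID` the endpoint MAC, and `FailureReason` the cause.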