12-21-2022 11:56 AM
Hello
im doing wired 802.1x with some aruba switches the authenticacion is working perfectly but im getting problems on the endpoint part on the ISE im not getting the ip address, the ISE is integrated with stealthwatch and im not able to apply ANC policys because of these does anybody has an idea what migth be wrong?
on the Aruba switch i already enable IP Client Tracker, and im seeeing the ip address from the devices that already login on 802.1x on the same switch but on the ISE im not seeing that on the endpoint information only the mac address.
i was thinking it migth be something with the switche profile, but im still investigating does anyone have any ideas or solution for this.
Saludos,
Gerardo Andree Mejía García
12-21-2022 01:26 PM
With Cisco switches, it is the Device Sensor feature that sends the IP address learned by IP Device Tracking to ISE via RADIUS Accounting. I'm not sure if Aruba has a similar feature that is capable of sending this info to ISE via RADIUS. If they do not, you would likely need to relay DHCP from the L3 interface to the ISE PSN nodes and use the DHCP Profiling Probe to consume that info for the endpoint in ISE.
12-22-2022 08:11 AM
Hi Gerardo ,
To me it would appear that there's an issue of compatibility , please verify if you NAD is validated within the section "Validated Third Party Access Switches" in the following compatibility for ISE https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/compatibility_doc/b_ise_sdt_30.html#Cisco_Reference.dita_3456b3da-c198-439e-bb7c-d1ca839e1751 as within those NAD, it as been confirmed that the features of ISE work fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide