11-26-2024 06:42 AM
Hello,
In our case we have a Fortinet firewall (7.2.8) and about 30 FortiSwitches managed by Fortinet. We are going to perform EAP-TLS auth with certificates for 802.1X users & computers and MAB for devices like printers, cameras, phones, etc. My issue is that while I am testing the authentication & authorization policy, MAB devices authenticate & authorize successfully, and Cisco ISE displays devices as connected but is not showing us the IP address of the endpoint device. Any guess why this happens?
11-26-2024 11:45 AM
In Cisco SW we use ip helper to forward DHCP traffic into ISE.
MHM
11-26-2024 02:23 PM
On the same deployment, Cisco switches defining ISE as RADIUS feed endpoint IP addresses into ISE (either static or DHCP). I think it has to do with the Framed IP Address AVP missing (I did a packet capture between the Fortinet firewall & ISE).
12-02-2024 09:40 AM
Is Fortinet sending the Framed IP Address in the RADIUS Accounting Start message? That's the standard way for the network device to share it. You may need to enable this behavior on the network devices to share this attribute.
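The check discussed in this thread, whether an Accounting Start carries Framed-IP-Address, as an added example that is not part of any post: it parses a raw RADIUS UDP payload (for instance one exported from the packet capture) and reports the endpoint MAC and the framed IP if present. Attribute numbers are from RFC 2865/2866; the function names and the sample packets are constructed for illustration.

```python
import socket
import struct

# RADIUS code and attribute numbers (RFC 2865 / RFC 2866)
ACCOUNTING_REQUEST = 4
FRAMED_IP_ADDRESS = 8
CALLING_STATION_ID = 31
ACCT_STATUS_TYPE = 40
ACCT_START = 1

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: [raw values]} for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match payload")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def check_accounting_start(packet: bytes):
    """Return (endpoint MAC, framed IP or None) for an Accounting Start, else None."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCOUNTING_REQUEST:
        return None
    status = attrs.get(ACCT_STATUS_TYPE, [b""])[0]
    if len(status) != 4 or struct.unpack("!I", status)[0] != ACCT_START:
        return None
    mac = attrs.get(CALLING_STATION_ID, [b""])[0].decode("ascii", "replace")
    ip = attrs.get(FRAMED_IP_ADDRESS, [b""])[0]
    return mac, (socket.inet_ntoa(ip) if len(ip) == 4 else None)

def build_sample(include_framed_ip: bool, code: int = ACCOUNTING_REQUEST) -> bytes:
    """Constructed packet (zeroed authenticator, made-up MAC/IP), not a real capture."""
    def avp(t, v):
        return bytes([t, len(v) + 2]) + v
    body = avp(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START))
    body += avp(CALLING_STATION_ID, b"00-11-22-33-44-55")
    if include_framed_ip:
        body += avp(FRAMED_IP_ADDRESS, socket.inet_aton("192.0.2.25"))
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body
```

A result of `(mac, None)` for an Accounting Start means the network device sent the session without Framed-IP-Address, which matches the symptom described above.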