Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
483
Views
3
Helpful
3
Replies

Cisco ISE is Missing endpoint IP Address (Managed Forti Switch)

dimi.kard
Level 1
Level 1

‎11-26-2024 06:42 AM

Hello,

In our case we have a fortinet firewall (7.2.8) and about 30 fortiswitches managed by fortinet. We are going to  perform eap-tls auth with certificate for 802.1X users & computers and MAB for devices like printers, cameras,phones e.t.c. My issue is that while i am testing the authenticatio & authorization policy MAB devices authenticate & authorize successfully, cisco ise displays devices as connected but is not showing use the ip address of the endpoint device. Any guess why this happens ?

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎11-26-2024 11:45 AM

In cisco SW we use ip helper to forward dhcp traffic into ISE

MHM

dimi.kard
Level 1
Level 1
In response to MHM Cisco World

‎11-26-2024 02:23 PM

On same deployment with cisco switches defining ISE as Radius, feeds into ISE endpoint ip addresses (either static or dhcp). I think it has to do with framed ip address avp missing (done packet caputer between fortinet firewall & ISE). 

thomas
Cisco Employee
Cisco Employee

‎12-02-2024 09:40 AM

Is Fortinet sending the Framed IP Address in the RADIUS Accounting Start message? That's the standard way for the network device to share it. You may need to enable this behavior on the network devices to share this attribute.

0 Helpful
Customers Also Viewed These Support Documents