Cisco ISE is Missing endpoint IP Address (Managed Forti Switch)

dimi.kard
Level 1

Hello,

In our case we have a Fortinet firewall (7.2.8) and about 30 FortiSwitches managed by Fortinet. We are going to perform EAP-TLS auth with certificates for 802.1X users & computers and MAB for devices like printers, cameras, phones, etc. My issue is that while I am testing the authentication & authorization policy, MAB devices authenticate & authorize successfully and Cisco ISE displays the devices as connected, but it is not showing us the IP address of the endpoint device. Any guess why this happens?

3 Replies

In Cisco SW we use ip helper to forward DHCP traffic into ISE.

MHM

On the same deployment, Cisco switches that define ISE as RADIUS feed the endpoint IP addresses (either static or DHCP) into ISE. I think it has to do with the Framed-IP-Address AVP missing (I did a packet capture between the Fortinet firewall & ISE).

thomas
Cisco Employee

Is Fortinet sending the Framed IP Address in the RADIUS Accounting Start message? That's the standard way for the network device to share it. You may need to enable this behavior on the network devices to share this attribute.
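
One way to check a capture for the attribute discussed in this thread, as an added example that is not part of any post above and is not Cisco or Fortinet code: a parser for a RADIUS Accounting-Request that reports Acct-Status-Type, Calling-Station-Id and Framed-IP-Address. The function names are hypothetical, and the sample packets, MAC address and IP address are constructed.

```python
import ipaddress
import struct

ACCOUNTING_REQUEST = 4      # RADIUS packet code (RFC 2866)
FRAMED_IP_ADDRESS = 8       # attribute types (RFC 2865 / RFC 2866)
CALLING_STATION_ID = 31
ACCT_STATUS_TYPE = 40
STATUS_NAMES = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def parse_packet(packet: bytes):
    """Return (code, {attribute type: [raw values]}) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not match the data")
    attrs, pos = {}, 20     # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs

def accounting_summary(packet: bytes) -> dict:
    """Summarise the endpoint-identifying attributes carried in this packet."""
    code, attrs = parse_packet(packet)
    if code != ACCOUNTING_REQUEST:
        raise ValueError("not an Accounting-Request")
    status = attrs.get(ACCT_STATUS_TYPE, [b""])[0]
    ip = attrs.get(FRAMED_IP_ADDRESS, [b""])[0]
    mac = attrs.get(CALLING_STATION_ID, [b""])[0]
    return {
        "status": STATUS_NAMES.get(int.from_bytes(status, "big"), "other") if len(status) == 4 else None,
        "mac": mac.decode("ascii", "replace") or None,
        "framed_ip": str(ipaddress.IPv4Address(ip)) if len(ip) == 4 else None,
    }

def build_sample(with_ip: bool) -> bytes:
    """Constructed Accounting-Request (Start) for a MAB endpoint, not real traffic."""
    body = bytes([ACCT_STATUS_TYPE, 6]) + struct.pack("!I", 1)
    mac = b"00-11-22-33-44-55"
    body += bytes([CALLING_STATION_ID, 2 + len(mac)]) + mac
    if with_ip:
        body += bytes([FRAMED_IP_ADDRESS, 6]) + ipaddress.IPv4Address("192.0.2.25").packed
    # Authenticator is zero-filled; this example does not verify it.
    return struct.pack("!BBH", ACCOUNTING_REQUEST, 1, 20 + len(body)) + bytes(16) + body
```

Feed it the UDP payload of each accounting packet from the capture; a Start record whose `framed_ip` is `None` means the network device did not include the attribute.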