06-17-2021 12:00 AM
dear cisco community
can someone please explain to me the below scenario.
we have polycom IP-Phones connected to our network, we used profiling to authorize the phones.
most of them works fine, but some of them shows as (15039 Rejected per authorization profile)
while in the Radius live log they seem to be authorized to the correct profile.
is it normal for the context visibility endpoint and the radius live logs to be like this, is the endpoint authorized or not.
please check the attached screenshots, your support is highly appreciated
06-17-2021 09:45 AM
Hi @wael.vs ,
please check the Context Visibility info not in the main Context Visibility page, but inside the "Context Visibility's MAC Addr" and check the Authentication tab.
Note: check the CSCvj20453 Mismatch information in Context visibility.
Hope this helps !!!
06-27-2021 04:35 PM
What does the RADIUS LiveLog
Does it contain an Access-Reject since that is what the message means:
15039 Selected Authorization Profile contains ACCESS_REJECT attribute
Hard to tell if those are the same sessions since the details are not show or obscured for privacy.
07-04-2021 08:39 PM
This is a current limitation in ISE context visibility, such that the failure reason gets the last value and does not get cleaned up after a success auth.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide