Re: context visibility endpoints rejected while radius live session authorized

wael.vs · ‎06-17-2021

dear cisco community

can someone please explain to me the below scenario.

we have polycom IP-Phones connected to our network, we used profiling to authorize the phones.

most of them works fine, but some of them shows as (15039 Rejected per authorization profile)

while in the Radius live log they seem to be authorized to the correct profile.

is it normal for the context visibility endpoint and the radius live logs to be like this, is the endpoint authorized or not.

please check the attached screenshots, your support is highly appreciated

Marcelo Morais · ‎06-17-2021

Hi @wael.vs ,

please check the Context Visibility info not in the main Context Visibility page, but inside the "Context Visibility's MAC Addr" and check the Authentication tab.

Note: check the CSCvj20453 Mismatch information in Context visibility.

Hope this helps !!!

thomas · ‎06-27-2021

What does the RADIUS LiveLog Details say about your Polycom-* Authorization Result?

Does it contain an Access-Reject since that is what the message means:

15039 Selected Authorization Profile contains ACCESS_REJECT attribute

Hard to tell if those are the same sessions since the details are not show or obscured for privacy.

hslai · ‎07-04-2021

This is a current limitation in ISE context visibility, such that the failure reason gets the last value and does not get cleaned up after a success auth.