cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2015
Views
0
Helpful
4
Replies

Context Visibility->Endpoints in ISE 2.1

paul
Level 10
Level 10

I am running ISE 2.1 patch 1 and have a "Is this functioning as designed?" question.

In the Context Visibility->Endpoints display there is a two columns which seem to be miscoded.  The "Authorization Policy" seems to be showing the "Authentication Policy" result.  I always see "Default" in this column which is true for the authentication policy the endpoint hit but definitely not the authorization policy.  The "Authorization Profile" is showing the authorization rule name not the authorization profile.  There is a difference and a column called authorization profile should show the profile the endpoint hit not the rule name.

Are these as designed?

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

It might be a bug as the endpoint I checked has the same info as AllowedProtocolMatchedRule in the endpoint detail. Let me check with our teams.

View solution in original post

4 Replies 4

hslai
Cisco Employee
Cisco Employee

It might be a bug as the endpoint I checked has the same info as AllowedProtocolMatchedRule in the endpoint detail. Let me check with our teams.

I found another bug on that Context Visibility screen.  You can clearly see in the RADIUS Live Logs that the MAC address has correctly hit my Dot1x Domain Computer rule:

But Context Visibility shows it hitting the MAB Catch All rule:

I have a Wired MAB Policy Set and Wired Dot1x Policy Set.  So it seems like it is recording the result from the MAB policy set which isn’t correct.  The MAC is correctly authenticated via 802.1x from my Dot1x policy set.

You can also see the issue I described in the first part of my posting.  The “Authorization Policy” is completely wrong and the “Authorization Profile” is showing the rule name not the actual profile name.

Paul Haferman

hslai
Cisco Employee
Cisco Employee

I think the authorization profile not getting updated, as it's not considered as an attribute significant to profiling classification. Thanks for the feedback and I will follow it up with our teams.

hslai
Cisco Employee
Cisco Employee

CSCvb46991 VCS mismatch/missing mapping -- authz policy and device id

CSCvb28481 EP data not updating in Context Visibility UI after CoA/re-auth

FYI