09-22-2016 09:30 AM
I am running ISE 2.1 patch 1 and have an "Is this functioning as designed?" question.
In the Context Visibility->Endpoints display there are two columns which seem to be miscoded. The "Authorization Policy" seems to be showing the "Authentication Policy" result. I always see "Default" in this column, which is true for the authentication policy the endpoint hit but definitely not the authorization policy. The "Authorization Profile" is showing the authorization rule name, not the authorization profile. There is a difference, and a column called authorization profile should show the profile the endpoint hit, not the rule name.
Are these as designed?
09-22-2016 09:41 AM
It might be a bug as the endpoint I checked has the same info as AllowedProtocolMatchedRule in the endpoint detail. Let me check with our teams.
09-23-2016 06:19 AM
I found another bug on that Context Visibility screen. You can clearly see in the RADIUS Live Logs that the MAC address has correctly hit my Dot1x Domain Computer rule:
But Context Visibility shows it hitting the MAB Catch All rule:
I have a Wired MAB Policy Set and Wired Dot1x Policy Set. So it seems like it is recording the result from the MAB policy set which isn’t correct. The MAC is correctly authenticated via 802.1x from my Dot1x policy set.
You can also see the issue I described in the first part of my posting. The “Authorization Policy” is completely wrong and the “Authorization Profile” is showing the rule name not the actual profile name.
Paul Haferman
09-23-2016 08:22 AM
I think the authorization profile is not getting updated, as it's not considered as an attribute significant to profiling classification. Thanks for the feedback and I will follow it up with our teams.
09-23-2016 09:38 PM
CSCvb46991 VCS mismatch/missing mapping -- authz policy and device id
CSCvb28481 EP data not updating in Context Visibility UI after CoA/re-auth
FYI