05-06-2016 02:57 PM - edited 03-10-2019 11:44 PM
I cannot tell if there is any impact, but I have noticed that the session IDs for my endpoints only have 0's at the beginning where the guide says they should be the NAS hex version of its IP address. Am I missing something in my setup that would omit this from being added into the session-id?
Thanks for any guidance that can be provided.
sh auth sess int gi2/27 det
Interface: GigabitEthernet2/27
MAC Address: 2c59.e5bb.7908
IPv6 Address: Unknown
IPv4 Address: 10.203.169.133
User-Name: xyxxyxll <-- my login ID
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Common Session ID: 000000000000210300449BA4 <-- Leading 0's where NAS address should be???
Acct Session ID: 0x00004995
Handle: 0xA3000B9C
Current Policy: POLICY_Gi2/27
05-06-2016 06:16 PM
Hard to say without seeing your switch config. Do you have aaa session-id common configured?
05-06-2016 07:52 PM
The short answer is: yes, aaa session-id common is in the config. Below is the complete aaa config:
aaa new-model
aaa group server radius ISE-Prod
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group ISE-Prod
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network default group ISE-Prod
aaa accounting dot1x default start-stop group ISE-Prod
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa server radius dynamic-author
aaa session-id common
05-25-2016 07:56 AM
When you said, 'Do you have aaa session-id common configured?'
Did you mean this command in the config?
OR
Is there a radius attribute that I should add to get the info added into the Session ID?
I have it in the config, so I'm assuming there is a radius attribute missing? I have these already:
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
I read about this one, but do not see it in ISE docs as needed:
radius-server attribute 44 include-in-access-req <-- can't tell if it does anything... doesn't change the session ID.
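The check discussed in this thread, as an added example that is not part of any post: Python that pulls each Common Session ID out of `show authentication sessions` output, decodes the first 8 hex digits as the NAS IPv4 address, and flags IDs where that field is all zeros. The 24-hex-digit length is taken from the ID posted above; the second session, the NAS address 10.203.169.1 and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the first session is the one posted in the thread; the
# second is invented, with 10.203.169.1 (0ACBA901) as an assumed NAS address.
SAMPLE_OUTPUT = """\
Interface: GigabitEthernet2/27
Common Session ID: 000000000000210300449BA4
Interface: GigabitEthernet2/28
Common Session ID: 0ACBA9010000210400449BB0
"""

FIELD_RE = re.compile(r"^\s*(Interface|Common Session ID):\s*(\S+)")


def nas_ip_from_session_id(session_id):
    """Decode the leading 8 hex digits of a Common Session ID as an IPv4 address."""
    if not re.fullmatch(r"[0-9A-Fa-f]{24}", session_id):
        raise ValueError(f"not a 24-hex-digit session ID: {session_id!r}")
    return ipaddress.IPv4Address(int(session_id[:8], 16))


def audit_sessions(cli_output, expected_nas=None):
    """Return (interface, session_id, nas_ip, verdict) for each session found."""
    expected = ipaddress.IPv4Address(expected_nas) if expected_nas else None
    findings, interface = [], None
    for line in cli_output.splitlines():
        match = FIELD_RE.match(line)
        if not match:
            continue
        field, value = match.groups()
        if field == "Interface":
            interface = value  # remember which port the next session ID belongs to
            continue
        nas_ip = nas_ip_from_session_id(value)
        if int(nas_ip) == 0:
            verdict = "nas-ip-missing"   # the symptom reported in this thread
        elif expected is not None and nas_ip != expected:
            verdict = "nas-ip-mismatch"  # field is set, but not to the expected NAS
        else:
            verdict = "ok"
        findings.append((interface, value, str(nas_ip), verdict))
    return findings


if __name__ == "__main__":
    for row in audit_sessions(SAMPLE_OUTPUT, expected_nas="10.203.169.1"):
        print(*row, sep="  ")
```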