
endpoint Session ID does not contain NAS address but only zeros

ssschunk1
Level 1

I cannot tell if there is any impact, but I have noticed that the session IDs for my endpoints only have 0's at the beginning where the guide says they should be the NAS hex version of its IP address.  Am I missing something in my setup that would omit this from being added into the session-id?

Thanks for any guidance that can be provided.

sh auth sess int gi2/27 det
                  Interface:  GigabitEthernet2/27
          MAC Address:  2c59.e5bb.7908
           IPv6 Address:  Unknown
           IPv4 Address:  10.203.169.133
              User-Name:  xyxxyxll<--my loginid
                      Status:  Authorized
                    Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  both
      Session timeout:  N/A
    Common Session ID:  000000000000210300449BA4  <-- Leading 0's where NAS address should be???
      Acct Session ID:  0x00004995
               Handle:  0xA3000B9C
       Current Policy:  POLICY_Gi2/27
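
A check for the symptom described in the post above, as an added example that is not part of the original thread or any Cisco tooling. It assumes, as the post says the guide states, that the first 8 hex digits of a 24-digit Common Session ID carry the NAS IPv4 address; the function names, the second sample session and the expected NAS address 10.203.169.1 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the first session copies the values shown in the post,
# the second is invented to show a populated prefix (0ACBA901 = 10.203.169.1).
SAMPLE_OUTPUT = """\
            Interface:  GigabitEthernet2/27
          MAC Address:  2c59.e5bb.7908
         IPv4 Address:  10.203.169.133
    Common Session ID:  000000000000210300449BA4
      Acct Session ID:  0x00004995
            Interface:  GigabitEthernet2/28
          MAC Address:  0000.5e00.5301
    Common Session ID:  0ACBA9010000210400449BB0
"""

FIELD_RE = re.compile(r"^[ \t]*(Interface|Common Session ID):[ \t]+(\S+)", re.MULTILINE)
SESSION_ID_RE = re.compile(r"[0-9A-Fa-f]{24}")


def nas_prefix(session_id):
    """Decode the first 8 hex digits as an IPv4 address (assumed layout)."""
    if not SESSION_ID_RE.fullmatch(session_id):
        raise ValueError(f"unexpected session ID format: {session_id!r}")
    return ipaddress.IPv4Address(int(session_id[:8], 16))


def audit(output, expected_nas=None):
    """Return (interface, session_id, decoded_prefix, status) per session."""
    expected = ipaddress.IPv4Address(expected_nas) if expected_nas else None
    findings, interface = [], None
    for name, value in FIELD_RE.findall(output):
        if name == "Interface":
            interface = value
            continue
        nas = nas_prefix(value)
        if int(nas) == 0:
            status = "zero-prefix"
        elif expected is not None and nas != expected:
            status = "mismatch"
        else:
            status = "ok"
        findings.append((interface, value, str(nas), status))
    return findings


if __name__ == "__main__":
    for row in audit(SAMPLE_OUTPUT, expected_nas="10.203.169.1"):
        print(*row, sep="  ")
```
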

3 Replies

Joseph Johnson
Level 1

Hard to say without seeing your switch config. Do you have aaa session-id common configured?

The short answer is: yes, aaa session-id common is in the config. Below is the complete aaa config:

aaa new-model
aaa group server radius ISE-Prod
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group ISE-Prod
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization network default group ISE-Prod
aaa accounting dot1x default start-stop group ISE-Prod
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa server radius dynamic-author
aaa session-id common

When you said, 'Do you have aaa session-id common configured?'

Did you mean this command in the config?

OR

Is there a radius attribute that I should add to get the info added into the Session ID?

I have it in the config, so I'm assuming there is a radius attribute missing?  I have these already:

radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include

I read about this one, but do not see it in the ISE docs as needed:

radius-server attribute 44 include-in-access-req <-- can't tell if it does anything ... doesn't change the session ID.