Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2257
Views
5
Helpful
4
Replies

Endstation Network Condition not working for IpV6

Go to solution
tthurner
Level 1
Level 1

‎06-13-2019 12:28 AM - edited ‎06-13-2019 12:38 AM

We have written a "Endstation Network Condition" with matches for Ipv4 addresses. We extended  it with IPv6 addresses but it looks like Ipv6 are not working as "Endstation Network Condition"

We tested it with ise 2.4 SP6 and 2.6 SP1

 

 

Preview file
10 KB
Preview file
14 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ldanny
Cisco Employee
Cisco Employee
In response to tthurner

‎06-13-2019 01:11 AM

Please open a case with TAC for further troubleshooting.

I would try adding the leading zeros if not yet done.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ldanny
Cisco Employee
Cisco Employee

‎06-13-2019 12:52 AM

 have you tried to create a separate network condition only using ipv6 addressing ?

0 Helpful

Go to solution
tthurner
Level 1
Level 1
In response to ldanny

‎06-13-2019 12:55 AM

Of course. I tested also all formats means "Network with prefix 64" "Host with prefix 128" and also with and without "zeroes"

0 Helpful

Go to solution
ldanny
Cisco Employee
Cisco Employee
In response to tthurner

‎06-13-2019 01:11 AM

Please open a case with TAC for further troubleshooting.

I would try adding the leading zeros if not yet done.

0 Helpful

Go to solution
newjard
Level 1
Level 1

‎09-15-2021 04:12 AM

I have a question about Endstation Network Conditions for IPv4.
I have configured “Network Conditions>>>Endstation Network Conditions>>>created Test_Endstation” and added the address IP 10.50.50.10 or alternatively 10.50.50.0/24.
In AUTHORIZATION POLICY I have the condition „Network Conditions: Test_Endstation”.
Endstation authentication/authorization with the address IP 10.50.50.10 (tested for MAB and DOT1X) is not matched with the prepared condition. I read that I need to add a command on the switch:
radius-server attribute 31 send nas-port-detail.
Additionally, I have added attributes for configuration:
mab request format attribute 32 vlan access-vlan
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include

Did not work.
If I add MAC to Endstation Network Conditions >>> Test_Endstation, then the authorization works correctly and goes to AUTHORIZATION POLICY condition "Network Conditions: Test_Endstation". So for MAC it works for IP it doesn't work. What do I need to add to the switch configuration so that the IP address is sent in the network attributes?

Customers Also Viewed These Support Documents