We have written a "Endstation Network Condition" with matches for Ipv4 addresses. We extended it with IPv6 addresses but it looks like Ipv6 are not working as "Endstation Network Condition"
We tested it with ise 2.4 SP6 and 2.6 SP1
Solved! Go to Solution.
I have a question about Endstation Network Conditions for IPv4.
I have configured “Network Conditions>>>Endstation Network Conditions>>>created Test_Endstation” and added the address IP 10.50.50.10 or alternatively 10.50.50.0/24.
In AUTHORIZATION POLICY I have the condition „Network Conditions: Test_Endstation”.
Endstation authentication/authorization with the address IP 10.50.50.10 (tested for MAB and DOT1X) is not matched with the prepared condition. I read that I need to add a command on the switch:
radius-server attribute 31 send nas-port-detail.
Additionally, I have added attributes for configuration:
mab request format attribute 32 vlan access-vlan
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
Did not work.
If I add MAC to Endstation Network Conditions >>> Test_Endstation, then the authorization works correctly and goes to AUTHORIZATION POLICY condition "Network Conditions: Test_Endstation". So for MAC it works for IP it doesn't work. What do I need to add to the switch configuration so that the IP address is sent in the network attributes?