06-24-2013 02:52 AM - edited 03-10-2019 08:34 PM
Hi all,
on ISE live authentication dashboard we can see IP address of the client (known from FRAMED-IP-ADDRESS).
But what about vlan change and the situation when client gets new IP address after relocation to different vlan.
Live logs shows only the first IP address - client mapping (from the guest vlan), after authorization new vlan and dACL is assigned but logs don't include new IP address.
session ID is the same all the time.
so maybe ip helper or other trick?
regards
06-24-2013 08:19 AM
can you check the accounting msg? if you config periodic accounting, you should see updated ip in accounting msg.
Sent from Cisco Technical Support iPad App
06-24-2013 09:36 AM
thx for reply.
I added "aaa accounting update newinfo" and I'll see tommorow how it works with anyconnect and 802.1x.
Meanwhile I think I must clarify what I meant
Not all logs have IP address present in live authentication (this is MAB for test only)
the situation with 802.1x and anyconnect is a bit better cause there are IP addresses but only from the first dhcp address assignment (authentication open with default ACL). Then if the policy changes vlan and the client gets new IP address from different scope we have wrong information in this log.
but getting back to our MAB...
details of this entry looks like:
so this is probably the reason that no IP address is visible it was too soon for MAB to get this info and send it as framed IP address (according to this config command "radius-server attribute 8 include-in-access-req")
nevertheless clicking the accounting details (from the 2nd screenshot)
we see that this information is present
so my first question is on which stage this column is fulfilled? only when "FRAMED-IP-ADDRESS" is send in radius-request? or from accounting?
maybe ISE should dynamically modify this record after each accounting newinfo message?
regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide