06-26-2018 02:29 AM
Our fresh ISE 2.4 with Patch 1 installed is not identifying the Radius attributes correctly anymore.
Oberving the Authentications coming from a foreign WLC for WPA2/802.1X Guest Wlan show
"NAS Port Type" 19 instead of "Wireless - IEEE 802.11"
and
"Service Type" 2 instead of "Framed"
--> in Live Logs "Auth Method" shows "2"...
--> this leads ISE is not identifying the smart condition "Wireless_802.1X" anymore!!
Authentication is enabled via PEAP and works, but Policy Set will not be considered by ISE if i let Wireless_802.1X as condition set.
is this a bug?
Can someone clarify the WLAN-configuration and differences for the WLC's is correct as follows (rest is standard) as i think there could be the problem:
Security > AAA Servers > AAA Authentication enabled for WLAN on foreign WLC and also on the Anchor WLC? Or should it be disabled on Anchor?
Security > AAA Servers > AAA Accounting for WLAN only enabled on foreign WLC with Interim Update Set to 0 (Clients are not roaming here, only one foreign WLC present) and Accounting for WLAN not enabled on Anchor WLC
Advanced > Radius Client Profiling enabled on foreign WLC only
Advanced > DHCP Addr.Assignment set to required on both foreign WLC and Anchor WLC (Achor does DHCP)
Session timout is enabled for the WLAN on both WLCs to 43200secs
Security > Layer 2> Authentication Key Management > FT 802.1X is enabled on foreign WLC but not Anchor...but i don't know what that means really.
Solved! Go to Solution.
06-26-2018 05:01 AM
If not working with preconfigured condition after patch install, but working with identical custom condition, then recommend open TAC case.
06-26-2018 03:14 AM
EDIT:
If I build an own Wireless_802.1X condition (Radius NAS-Port-Type = Wireless - IEEE 802.11 and Radius Service-Type = Framed) it works...
So why is ISE not identifiying its own built-in conditions correctly??
06-26-2018 05:01 AM
If not working with preconfigured condition after patch install, but working with identical custom condition, then recommend open TAC case.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide