09-29-2020 05:21 AM - edited 09-29-2020 05:22 AM
Hello gentlemen, I appreciate your assistance and time. Please, I need your help.
I think I have a bug/issue in ISE 2.6.
The Live Logs are not displaying the system name of the remote device. The first screenshot, from the 2.4 ISE node, shows two records for 802.1x authentications. The Identity field is filled with the system name.
The second screenshot is from the 2.6 ISE node; the Identity field is filled, but not with the system name.
Thanks in advance.
09-29-2020 07:24 AM
Looks like your 2.4 system and clients are using EAP-Chaining and your 2.6 system and clients are not. Compare the details between two successful authentications and walk through on the right side of the details step by step to see what is different. Are these the same clients using both systems?
09-30-2020 04:08 AM - edited 09-30-2020 04:23 AM
Thank you, Colby, for your time and response.
Actually, no, these are not the same clients. The 2.4 system clients are using:
Authentication Protocol | EAP-FAST (EAP-MSCHAPv2) |
Authentication Method | dot1x |
and are accessing the network by the wired method at the same network,
but the 2.6 system clients are remote users (VPN users) and are using:
Authentication Method | PAP_ASCII |
Authentication Protocol | PAP_ASCII |
Is there any configuration needed for the posture to push to get the system name? I appreciate your time to help.
Thanks in advance.
09-30-2020 06:38 AM
As I suspected, your clients using 2.4 are authenticating using EAP-Chaining (EAP-FAST) which allows ISE to see both the machine and user credentials together. With VPN and PAP, there is no way to do that since you are only authenticating the user. Even if you were to authenticate the machine and user on VPN, there is no way for both of those pieces of information to be tied together in the same authentication request.