cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1608
Views
15
Helpful
3
Replies

ISE 2.6 RADIUS Live Log Display Issue

alhoula
Level 1
Level 1

hello gentlemen, I appreciate your assist and time, please I need your help 

I think I have a bug/issue in ISE 2.6

The Live Logs are not displaying the system name of the remote device,  The first screenshots  2.4 ISE node show two records for 802.1x authentications.  The Identity field is filled with the system name.

Screenshot (71).png

the second screenshot for 2.6 ISE the identity field filled but not with the system name. 

 

Screenshot (72).png

Thanks in advance

1 Accepted Solution

Accepted Solutions

As I suspected, your clients using 2.4 are authenticating using EAP-Chaining (EAP-FAST) which allows ISE to see both the machine and user credentials together.  With VPN and PAP, there is no way to do that since you are only authenticating the user.  Even if you were to authenticate the machine and user on VPN, there is no way for both of those pieces of information to be tied together in the same authentication request.

View solution in original post

3 Replies 3

Colby LeMaire
VIP Alumni
VIP Alumni

Looks like your 2.4 system and clients are using EAP-Chaining and your 2.6 system and clients are not.  Compare the details between two successful authentications and walk through on the right side of the details step by step to see what is different.  Are these the same clients using both systems?

alhoula
Level 1
Level 1

thank you Colby for your time and response, 

actually, NO, not the same clients, 2.4 system clients are using :

Authentication ProtocolEAP-FAST (EAP-MSCHAPv2)
Authentication Methoddot1x

and accessing the network by wired method at the same network,

but for 2.6 system clients, they are remote users (VPN users) and using :

Authentication MethodPAP_ASCII
Authentication ProtocolPAP_ASCII

 

Is there any configuration needed for the posture to push to get the system name? I appreciate your time to help 

thanks in advance  

As I suspected, your clients using 2.4 are authenticating using EAP-Chaining (EAP-FAST) which allows ISE to see both the machine and user credentials together.  With VPN and PAP, there is no way to do that since you are only authenticating the user.  Even if you were to authenticate the machine and user on VPN, there is no way for both of those pieces of information to be tied together in the same authentication request.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: