Solved: Re: ISE - Foreign/Anchor capturing data

craiglebutt · ‎10-07-2020

Hi

Have a Foreign/Anchor set on DMZ, got a free wifi service by a 3rd party.

There is no authentication configured, just a EOIP tunnel.

There is no profiling enabled, no radius, no helper address point to the ISE.

These Anchors point to their relevant Interface which is on a 172.17.*.*,

But I'm seeing endpoints on the ISE from these ranges I'm using.

I'm just looking to see where this traffic is coming from.

ise 2.2 patch 17

Colby LeMaire · ‎10-07-2020

I assume you have another SSID on these controllers that is using ISE for something. In your global Radius Accounting configuration on the WLC, check to make sure you do not have the checkbox enabled for network user. When it is enabled globally, it will send accounting records to ISE for ANY device that connects to ANY SSID. And if ISE receives an accounting record for a device, it will store it and count it as an endpoint.

View solution in original post

Colby LeMaire · ‎10-07-2020

I assume you have another SSID on these controllers that is using ISE for something. In your global Radius Accounting configuration on the WLC, check to make sure you do not have the checkbox enabled for network user. When it is enabled globally, it will send accounting records to ISE for ANY device that connects to ANY SSID. And if ISE receives an accounting record for a device, it will store it and count it as an endpoint.

craiglebutt · ‎10-08-2020

cheers for that