ISE: No RADIUS Live Logs with External or Token RADIUS config

cfitzgerald
Level 1

I have been messing around with some VPN AuthN and AuthZ using Cisco ISE and Microsoft NPS as RADIUS Token vs RADIUS External server. I've noticed that since I switched to this Token or External sequence, I no longer see any events in the RADIUS live logs, even though a Wireshark clearly shows the VPN appliance sending RADIUS requests to ISE, and then ISE forwarding those requests to NPS.

Just wondering if you think this is expected when using RADIUS token or external? Or maybe I have a bug and need to talk with TAC?

1 Accepted Solution

Yes, I am performing AuthZ on ISE as well. I had to reboot the appliance, and now the live logs are working again. Strange and worrisome.

6 Replies

Arne Bier
VIP

Hello

In both cases you should see Live Logs in ISE.

In the case of Token Servers, I have one use case where I use Token Servers (PSN loopback address as Token Server) to restrict access to ISE MyDevices portals (using a clever little trick) - it shows up in Live Logs.

Do you see the response from the NPS server back to ISE in the Wireshark? And BTW, with your External Server sequence, do you use ISE to perform Authorization? Perhaps that's the reason you don't see it in Live Logs - if ISE is just a proxy then there's nothing for ISE to do really (other than forward the request to another RADIUS server) - it's been a while since I have done a pure proxy setup - in most cases I use ISE to perform AuthZ too - and I can confirm that I see this in the LiveLogs (ISE 2.7).

Hi @Arne Bier,

I have seen this issue on ISE, Live logs not showing anything and you must restart the node to get Live Logs working again.

There's also the following bug (not sure if it's relevant to your situation):
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn12442/?rfs=iqvred

Thank you, Panos.

Arne Bier
VIP

The “option of last resort” eh? Well done. Hope you have better experience going forward. 

fthiel92
Level 1

Well my two cents on that topic, be careful when dealing with Radius Server Sequence:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw66483/?rfs=iqvred

Once configured, if you touch it, it is not working anymore, you have to destroy/recreate sequence to make it work again (OR reboot everything)

Yep I ran into that issue myself yesterday. It was the weirdest thing ... things that were working suddenly stopped working. Basic things. Wondering when it might spontaneously happen again.