01-06-2021 12:02 PM
I have been messing around with some VPN AuthN and AuthZ using Cisco ISE and Microsoft NPS as RADIUS Token vs RADIUS External server. I've noticed that since I switched to this Token or External sequence, I no longer see any events in the RADIUS live logs, even though a Wireshark clearly shows the VPN appliance sending RADIUS requests to ISE, and then ISE forwarding those requests to NPS.
Just wondering if you think this is expected when using RADIUS token or external? Or maybe I have a bug and need to talk with TAC?
01-10-2021 12:51 PM - edited 01-10-2021 12:54 PM
Hello
In both cases you should see Live Logs in ISE.
In the case of Token Servers, I have one use case where I use Token Servers (PSN loopback address as Token Server) to restrict access to ISE MyDevices portals (using a clever little trick) - it shows up in Live Logs.
Do you see the response from the NPS server back to ISE in the Wireshark? And BTW, in your External Server sequence, do you use ISE to perform Authorization? Perhaps that's the reason you don't see it in Live Logs - if ISE is just a proxy then there's nothing for ISE to do really (other than forward the request to another RADIUS server) - it's been a while since I have done a pure proxy setup - in most cases I use ISE to perform AuthZ too - and I can confirm that I see this in the LiveLogs (ISE 2.7).
01-11-2021 05:48 AM
Yes, I am performing AuthZ on ISE as well. I had to reboot the appliance, and now the live logs are working again. Strange and worrisome.
01-15-2021 01:25 AM
Hi @Arne Bier,
I have seen this issue on ISE, Live logs not showing anything and you must restart the node to get Live Logs working again.
There's also the following bug (not sure if it's relevant to your situation)
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn12442/?rfs=iqvred
01-13-2021 12:10 PM
The “option of last resort” eh?
01-28-2021 02:33 AM
Well, my two cents on that topic: be careful when dealing with Radius Server Sequence:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw66483/?rfs=iqvred
Once configured, if you touch it, it is not working anymore; you have to destroy/recreate the sequence to make it work again (OR reboot everything).
01-28-2021 01:45 PM
Yep I ran into that issue myself yesterday. It was the weirdest thing ... things that were working suddenly stopped working. Basic things. Wondering when it might spontaneously happen again.