ISE Posture with Non-compatible switches like Cisco 2950

lsin
Cisco Employee

Team,

I would like to find out whether the following is possible for ISE posture with a non-compatible switch like the 2950:

Setup:

  • ISE 2.3
  • Non-compatible switch: Cisco 2950

Goal:

  • Achieve posture checking on the endpoint

Suggested Solution:

  • Implement AnyConnect on the endpoint for 802.1x and posture checking
  • Use port bounce to move the endpoint to a quarantine VLAN for non-compliant endpoints
  • I am not sure if this is part of SNMP CoA. If not, is it possible to use SNMP CoA as well to achieve a similar goal?

Regards,

Leslie

34 Replies

Hi Chyps,

But SNMP CoA still wasn't working as expected, because it is not able to detect the port correctly.

We can't use this currently - 1.3.6.1.2.1.2.2.1.7.$port

The NAS port shows as 50002 and SNMP CoA is sent to port 0. It wasn't able to send the SNMP CoA to $port.

15054 Sending SNMP set : - 1.3.6.1.2.1.2.2.1.7.0 = 2
15054 Sending SNMP set : - 1.3.6.1.2.1.2.2.1.7.0 = 1

Can you help us with fixing this?

regards

hasitha

Please post/email a copy of your NAD profile as well as Live Log details on the values of NAS-Port and NAS-Port-Id sent by the switch.

I have attached the requested files.

Note that the 3rd file is the same as the first.

Since the switch itself is sending a value of NAS-Port-Id = 0, there is not much ISE can do with this value. I know in later IOS releases there are options to manipulate the value of this attribute, but there may not be an option to change it in Cat2950 12.1.x code.

The alternative is NAS-Port. There is a separate issue where its value is not the same as the interface index. We are looking at a workaround, but cannot discuss it in a public forum. I suggest working with the Cisco account team regarding potential enhancements and continuing any further discussion related to beta code in the beta support forum.

Maybe the switch doesn't send NAS-Port-Id, so ISE is putting it as a 0 value.

It sends NAS-Port with a value of 50002, and SNMP CoA port bounce is not working due to this.

Hope we can have a workaround soon. Thank you again.

Per separate emails, this will be addressed in ISE 2.4 for Cisco switches by allowing modification of the NAS-Port value to match the SNMP ifIndex.

Hi Chyps,

If possible, please make the change to address SNMP ifIndex values as we wanted, since different switches may have different SNMP ifIndex values.

e.g. 5000X to 0000X

regards

Hasitha

Hasitha,

I have been working with Aruna internally on this configuration, and this was the conclusion provided to Aruna (and I assume Aruna has passed it on to you). In any case, this change has not been committed and will require an enhancement. Please continue to work with Aruna on this opportunity.

Regards, Craig

Hi Chyps,

Thanks for the quick reply. We have another concern with 2950G switches.

How can we give access to guest users?

The switch ports are configured with dot1x and don't support the MAB (MAC Authentication Bypass) feature on the ports.

So how can we get a captive portal using the DHCP/DNS-based redirect method or any other method?

Can you tell us any workaround for guest user authentication?

regards

Hasitha

Hi All,

We have seen in the RADIUS packet that there is another attribute, the VSA Cisco-NAS-Port=FastEthernet0/2*. But there is no place in ISE where we can use it.

Is it possible to create a RADIUS attribute map and get the VSA Cisco-NAS-Port mapped to NAS-Port-Id,

where NAS-Port-Id = FastEthernet0/2*?

So then we can use NAS-Port-Id SNMP CoA?
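To illustrate the two points raised in this thread (the SNMP sets landing on ifIndex 0 because the 2950 sends NAS-Port-Id = 0 and a NAS-Port of 50002, and the idea of resolving the Cisco-NAS-Port VSA to an interface index), here is an added dry-run example; it is not code from the thread or from ISE, and its ifDescr table and ifIndex numbers are constructed stand-ins. It only plans the ifAdminStatus sets a port bounce consists of and never sends SNMP.

```python
# Added example, not code from the thread or from ISE: a dry-run planner for the SNMP CoA
# port bounce (two SNMP sets on ifAdminStatus: down, then up). It shows why NAS-Port-Id = 0
# with NAS-Port = 50002 yields nothing usable, and how the Cisco-NAS-Port VSA could be
# matched against ifDescr instead. No SNMP is sent.
IF_ADMIN_STATUS = "1.3.6.1.2.1.2.2.1.7"   # ifAdminStatus (IF-MIB), the OID seen in the log
ADMIN_UP, ADMIN_DOWN = 1, 2

# Constructed stand-in for an SNMP walk of ifDescr (1.3.6.1.2.1.2.2.1.2) on the switch.
# The ifIndex numbers are hypothetical; a real 2950 will differ.
IF_DESCR = {1: "FastEthernet0/1", 2: "FastEthernet0/2", 3: "FastEthernet0/3", 25: "Vlan1"}


def resolve_ifindex(attrs, if_descr=IF_DESCR):
    """Return the ifIndex identified by the RADIUS attributes, or None if none is usable."""
    by_name = {descr: idx for idx, descr in if_descr.items()}

    # 1. Cisco-NAS-Port VSA carries the interface name (the 2950 appends "*").
    vsa = attrs.get("Cisco-NAS-Port", "").rstrip("*")
    if vsa in by_name:
        return by_name[vsa]

    # 2. NAS-Port-Id: either a real ifIndex or an interface name. "0" is what the 2950
    #    sends and is never a valid ifIndex, so it must not turn into ifAdminStatus.0.
    port_id = attrs.get("NAS-Port-Id", "")
    if port_id.isdigit() and int(port_id) in if_descr:
        return int(port_id)
    if port_id in by_name:
        return by_name[port_id]

    # 3. NAS-Port: only trust it when it is an existing ifIndex (50002 is not).
    nas_port = attrs.get("NAS-Port")
    if isinstance(nas_port, int) and nas_port in if_descr:
        return nas_port
    return None


def plan_port_bounce(attrs, if_descr=IF_DESCR):
    """Return the (oid, value) SNMP sets for a bounce, or [] if the port cannot be identified."""
    idx = resolve_ifindex(attrs, if_descr)
    if idx is None:
        return []
    oid = f"{IF_ADMIN_STATUS}.{idx}"
    return [(oid, ADMIN_DOWN), (oid, ADMIN_UP)]


if __name__ == "__main__":
    # Attributes as reported in the thread: NAS-Port 50002, NAS-Port-Id 0 -> nothing usable.
    print(plan_port_bounce({"NAS-Port": 50002, "NAS-Port-Id": "0"}))
    # Same request with the Cisco-NAS-Port VSA resolved through ifDescr -> bounce ifIndex 2.
    print(plan_port_bounce({"NAS-Port": 50002, "NAS-Port-Id": "0",
                            "Cisco-NAS-Port": "FastEthernet0/2*"}))
```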

Seems like this is a new question? Please ask in a new thread with a proper subject.

We are checking whether there is any workaround for 2950G posture checking, so that is why we have asked in the same loop.

Currently no. The updated CoA field is specific to IETF RADIUS attributes. As discussed internally, the 2950 uses a different scheme for ifIndex than other Catalyst switches like the 2960. It was too late for ISE 2.4 to make further changes to the handling of NAS-Port-Id translation. Please continue to work with PM to help prioritize the requirement for the 2950.

Also, I have deleted extraneous links soliciting unrelated apps.  The Community forum should not be used for the purpose of random advertising.

Thank you for the quick reply.

I thought we could manipulate that NAS-Port-Id attribute with the VSA Cisco-NAS-Port. Seems not.

Sorry for the inconvenience.

ml12129
Level 1

Hi guys,

I have met the same question, so did you resolve it? My customer is making me crazy: they do not allow changing the access 2950 switch, but we must do this NAC project. Thank you very much!!!