Re: ISE Profiler Adding New MAC Each Time Anyconnect Is Used

ciscobacon · ‎08-28-2017

Hello all!

I am running into an issue where we have over 20x the endpoints in our database than we actually should have, as it appears whenever a client connects via Anyconnect the MAC address recorded is a variant of the user's MAC instead of a static one specfic to the machine. Is there a way to have Anyconnect use a wired or wireless MAC from the machine instead of a newly created one or a way for ISE to detect this and not record the new endpoint? Thanks for any and all help.

Francesco Molino · ‎08-28-2017

Hi

Which ISE version are you running?

Which feature are you using over anyconnect? (NAM, Posture...)?

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

ciscobacon · ‎08-28-2017

Hi Francesco,

We are running ISE version 2.2 and are using none of the extra features of Anyconnect besides ISE as a RADIUS service for authentication/authorization.

Francesco Molino · ‎08-28-2017

Ok maybe I missunderstood something.

You're saying that you see 20x more mac than you have and each time you connect using Anyconnect...

Then why are you using Anyconnect to connect to the network?

I'm sorry if I don't get you.

I'm running 2.2 patch 2 and ISE 2.3 with lot of users connecting through anyconnect for posture for example and never faced that issue.

Can you give me more info and maybe also some screeshots to see what are we talking about?

Thanks

PS: Please don't forget to rate and select as validated answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question