Solved: ISE Use Case in the L2TP Dial-in ( nothing clients log )

hamidreza.taghipur · ‎06-23-2019

I have a router serving as a l2tp server. Clients connect to my router through internet and the authentication procedure is carried out by AAA (ISE 2.4 - Radius) server. The AAA is joined to a domain controller for the procedure. Clients can connect and ping any server inside my network, based on my policies which I have configured in AAA, but the problem is that csico ise radius log don't show any data regarding clients IP and MAC address . How can I configure cisco ise to capture clients' IP and MAC address?

please help me

howon · ‎06-23-2019

For VPN, typically the assigned (Internal) IP address is carried in the Framed-IP-Address field while external IP is carried in the Calling-Station-ID field in the RADIUS accounting packet. Confirm that RADIUS accounting is being sent from IOS to ISE via packet capture. Also, confirm that Framed-IP-Address & Calling-Station-ID field is carrying the IP. VPN gateway device will not send MAC address.

View solution in original post

howon · ‎06-23-2019

For VPN, typically the assigned (Internal) IP address is carried in the Framed-IP-Address field while external IP is carried in the Calling-Station-ID field in the RADIUS accounting packet. Confirm that RADIUS accounting is being sent from IOS to ISE via packet capture. Also, confirm that Framed-IP-Address & Calling-Station-ID field is carrying the IP. VPN gateway device will not send MAC address.