cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5134
Views
5
Helpful
9
Replies

Network Access:ISE Host Name Condition

joshhunter
Level 4
Level 4

Hello,

I'm struggling to get the "Network Access:ISE Host Name EQUALS <ISEHOSTNAME>"  condition to work fur Guest Portal Redundancy.

I understand it is case sensitive and I have tried Match and Contain but still it does not match.

Read through this document, ISE with Static Redirect for Isolated Guest Networks Configuration Example - Cisco

with no joy.

1 Accepted Solution

Accepted Solutions

Did you test it working with an earlier ISE release?

You may DEBUG on epm-pdp, epm-pip, and nsf-session, and then check ise-psc.log

View solution in original post

9 Replies 9

Timothy Abbott
Cisco Employee
Cisco Employee

Hi,

Could you try “Starts With” and see if it matches?

Regards,

-Tim

Hi Tim, I tried this too and no joy.

It is only a 2 node deployment and is definitely the correct node as I can see it in the Live Authentication details tab for client as Policy Server.

Which version of ISE are you using?

Regards,

-Tim

Very latest 2.1 Patch 1  (2.1.0.474) Patch 1

Did you test it working with an earlier ISE release?

You may DEBUG on epm-pdp, epm-pip, and nsf-session, and then check ise-psc.log

Hi Hslai, I received the debugs logs and I could see it was picking up the correct Authorization Policy.

I then went back to the RADIUS live logs and I could see again it was picking up the correct Authorization Policy.

So it is working , perhaps I was mistaking it for Authorization Profile name which is same as the old/duplicate rule.

Just to confirm I am using an attirbute of Network Access: ISE Hostname Equals <ISE HOSTNAME  CASE SENSITVE>

Thanks

Hi,

Same problem, the condition ISE Hostname Equals <ISE HOSTNAME  CASE SENSITVE> works for only one ISE but not for the other one.

It doesn't work with ISE 2.1 patch 2 neither.

Please open a TAC case if the setup is for production or customers'. In case it's your lab, please share debug log snippets and more details on

works for only one ISE but not for the other one.

Hi Thiabault, this actually worked fine for me in the end.

I had reviewed the RADIUS Live Logs incorrectly, it was actually hitting the correct Authorization Rule for ISE2, I was reading the logs wrongly and mistaking the Authentication Rule as being the Authz rule.

If this is for Guest WLC make sure you specific the correct PSN (RADIUS) server configured on your Guest Wireless SSID.

Also use the details tab under via RADIUS Live Logs for more information.

Thanks.