07-31-2018 09:35 AM
Hi,
I installed a Cisco ISE VM but I can't see Radius logs.
I checked the created Policy Sets and can see hits.
I checked the config and the logging settings but I can't find it.
See attachment for more info.
What can I do?
Koen
07-31-2018 10:04 AM
07-31-2018 03:27 PM
Hi Koen
Before I forget, I noticed that you have a Policy called "TACACS" (it's a bit fuzzy in your PDF) but you are showing the RADIUS Policy Sets. TACACS traffic will not be processed there. You need to create TACACS Policy Sets under Work Centers > Device Administration > Device Admin Policy Sets.
Back to your Live Logs issue.
It would help to see your deployment under Administration > System > Deployment
Have you tried doing a tcpdump (Operations > Troubleshoot > Diagnostic Tools > TCP Dump) from the node that you believe is processing your 802.1X traffic? That is the most basic test I would do. If Radius traffic is indeed reaching your service node, then check whether you have defined that Radius NAD in the Network Devices (Admin > Network Resources >Network Devices).
If your PSN's and MnT nodes are separated by a Firewall then your SYSLOGs might not be getting through. Is this a distributed deployment, and if so, are there firewalls between them?
08-01-2018 02:11 AM
Hi Arne,
You are right. Rookie mistake. This was on the test environment. I removed the TACACS part and put it where it belongs.
I have a standalone deployment. See print-screen in previous post.
I'll check the TCP dump and come back to youu.
Koen
08-01-2018 02:01 AM
Hi,
It's a standalone configuration.
07-31-2018 08:55 PM
In case the last authentication happened beyond 24 hours ago, then please run a report covering the time range of the authentications at Operations > Reports > Reports > Endpoints and Users > RADIUS Authentications.
The live logs view covers at most last 24 hours.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: