cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2237
Views
5
Helpful
5
Replies

No Radius logs on Cisco ISE VM

aebassity
Level 1
Level 1

Hi,

 

I installed a Cisco ISE VM but I can't see Radius logs.
I checked the created Policy Sets and can see hits.


I checked the config and the logging settings but I can't find it.
See attachment for more info.

What can I do?

Koen

5 Replies 5

jalemanp
Cisco Employee
Cisco Employee
Hey,
How many ISE nodes do you have?
is the primary MNT server up and running? does it say it is sync'd?
What do you see in the "monitoring targets"?

Hi Koen

 

Before I forget, I noticed that you have a Policy called "TACACS" (it's a bit fuzzy in your PDF) but you are showing the RADIUS Policy Sets.  TACACS traffic will not be processed there.  You need to create TACACS Policy Sets under Work Centers > Device Administration > Device Admin Policy Sets.

 

Back to your Live Logs issue.

It would help to see your deployment under Administration > System > Deployment

 

Have you tried doing a tcpdump (Operations > Troubleshoot > Diagnostic Tools > TCP Dump) from the node that you believe is processing your 802.1X traffic?  That is the most basic test I would do.  If Radius traffic is indeed reaching your service node, then check whether you have defined that Radius NAD in the Network Devices (Admin > Network Resources >Network Devices). 

 

If your PSN's and MnT nodes are separated by a Firewall then your SYSLOGs might not be getting through.  Is this a distributed deployment, and if so, are there firewalls between them?

Hi Arne,

 

You are right. Rookie mistake. This was on the test environment. I removed the TACACS part and put it where it belongs.

 

I have a standalone deployment. See print-screen in previous post.

 

I'll check the TCP dump and come back to youu.

 

Koen

Hi,

It's a standalone configuration.

 

pic_1.png

 

hslai
Cisco Employee
Cisco Employee

In case the last authentication happened beyond 24 hours ago, then please run a report covering the time range of the authentications at Operations > Reports > Reports > Endpoints and Users > RADIUS Authentications.

The live logs view covers at most last 24 hours.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: