cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1275
Views
5
Helpful
5
Replies
Highlighted
Beginner

No Radius logs on Cisco ISE VM

Hi,

 

I installed a Cisco ISE VM but I can't see Radius logs.
I checked the created Policy Sets and can see hits.


I checked the config and the logging settings but I can't find it.
See attachment for more info.

What can I do?

Koen

5 REPLIES 5
Highlighted
Cisco Employee

Hey,
How many ISE nodes do you have?
is the primary MNT server up and running? does it say it is sync'd?
What do you see in the "monitoring targets"?
Highlighted

Hi Koen

 

Before I forget, I noticed that you have a Policy called "TACACS" (it's a bit fuzzy in your PDF) but you are showing the RADIUS Policy Sets.  TACACS traffic will not be processed there.  You need to create TACACS Policy Sets under Work Centers > Device Administration > Device Admin Policy Sets.

 

Back to your Live Logs issue.

It would help to see your deployment under Administration > System > Deployment

 

Have you tried doing a tcpdump (Operations > Troubleshoot > Diagnostic Tools > TCP Dump) from the node that you believe is processing your 802.1X traffic?  That is the most basic test I would do.  If Radius traffic is indeed reaching your service node, then check whether you have defined that Radius NAD in the Network Devices (Admin > Network Resources >Network Devices). 

 

If your PSN's and MnT nodes are separated by a Firewall then your SYSLOGs might not be getting through.  Is this a distributed deployment, and if so, are there firewalls between them?

Highlighted

Hi Arne,

 

You are right. Rookie mistake. This was on the test environment. I removed the TACACS part and put it where it belongs.

 

I have a standalone deployment. See print-screen in previous post.

 

I'll check the TCP dump and come back to youu.

 

Koen

Highlighted

Hi,

It's a standalone configuration.

 

pic_1.png

 

Highlighted
Cisco Employee

In case the last authentication happened beyond 24 hours ago, then please run a report covering the time range of the authentications at Operations > Reports > Reports > Endpoints and Users > RADIUS Authentications.

The live logs view covers at most last 24 hours.

Content for Community-Ad