Hi,
I am working on Cisco ISE (version 2.7, patch 5) integration with the 3rd party network device. According to the Admin Guide of the network device, the "User-Name" attribute MUST be included in CoA or Disconnect request.
So I created a new Network Device Profile which includes User-Name attribute in Disconnect.
And applied this profile on Device Profile when configuring Network Devices.
But from the packets dumped from the built-in tcpdump tool of ISE: Diagnostic Tools > TCP Dump, I didn't find User-Name in AVPs of Disconnect Request.
Did I miss some something?
hi Mohammed,
yes, I created a new authorization profile named ftnt_quarantine_profile and applied the device profile in Network Device Profile as well. furthermore I added Framed-IP-Address to Advanced Attributes Settings like below.
In Authorization Policy, I set condition to ftnt_quarantine which means ANC policy is quarantine, and applied ftnt_quarantine_profile on Results Profiles. when I sent one IP addr with ANC policy by REST API, I can see Hits was incremented by 1 like below.
To my understanding, "Hits" means the authorization policy is matched, right? But just like the packets dumped in Cisco ISE, neither User-Name nor Framed-IP-Address show up in AVP of Disconnect Request.
Any ideas? Thank you so much.
hi hslai,
Just now I set the value of "User-Name" attribute to 0. The result is same as before. No "User-Name" AVP is included in Disconnect Request.
Even I directly applied HPWired on Device Profile:
From the packets dumped from ISE, Disconnect Request still didn't contain "User-Name" AVP.
I'm wondering if this issue is a bug for V2.7, patch 5?
