09-16-2021 06:25 AM - last edited on 03-09-2022 11:15 PM by smallbusiness
Hello, In ISE live log, we can see many users record. Most of them have ip address. but some of them do not have ip address. Why it happen? Usually user get ip address first, and then contact ISE. without ip address, how it contact ISE? Thank you
09-16-2021 10:24 AM
ISE is contacted by the network device, not the user. I have also seen you usually don't see all info in the active session (Blue icon) vs the authentication info (Green icon) in live views.
09-16-2021 01:10 PM
Hi @Leftz ,
the Endpoint contact ISE without an IP Addr via EAP (Endpoint to NAD) and then RADIUS (NAD to ISE
In Operations > RADIUS > Live Logs ... you are able to check IP Addr info when you have a Session (Blue icon), not when you have a Auth Passed (Green icon).
Please take a look at: Tips for New ISE Administrators:
Auth Passed (Green check) Some examples of such status: ISE sent back RADIUS ACCESS-ACCEPT as result of the policy, successful ISE WebAuth, successful CoA, successful PAC provisioning.
Auth Failed (Red X) Some examples of such status: ISE sent back RADIUS ACCESS-REJECT as result of policy, failed ISE WebAuth, failed CoA, failed PAC provisioning, due to suppression settings, unknown NAD.
Session (Blue i) Accompanied by ‘Auth Passed’ and it means in addition to Auth Passed, ISE received RADIUS Accounting Start. As ISE receives RADIUS Accounting update for the session, the time for the session is updated via interim accounting update and the line item balloons up to the top of the Live Log.
Hope this helps !!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide