03-07-2017 05:11 AM - edited 03-11-2019 12:31 AM
Is there a way to see the content of the ISE MAR cache?
I know that I can look, one-by-one, to the authenticated sessions in Live Log, and see there if the session "WasMachineAuthenticated".
But what I'm looking for, is a way to see a listing of all the AD Machines currently in the MAR cache and their timeout values.
I look under Live Sessions for a filter, and I look also under reporting, but I can't find a way to see MAR cache, which is part of the Network Access Dictionnary.
Oh, and please don't mention that I should use EAP chaining with AnyConnect EAP-FAST instead of the Windows Native Supplicant with MAR. I'm aware of that option, but my question is really about how can I see the content of the current MAR cache. That's all I wish to know.
Thanks for your help.
Cath.
03-07-2017 07:55 AM
Hi
I've been looking at this as well with little success. I had read somewhere that ISE maintains a MAR cache for each PSN node (stored locally on that PSN node).
I am running ISE 2.1 patch 3 and couldn't find any such cache on the PSNs (I could see a "tracking.log" file on the PSNs but it was always empty).
I did find a tracking.log file on the primary PAN node for the deployment but when I looked at the log contents I couldn't see anything about MAR cache
According to the document below, "tracking.log" should contain the following components:
Cache Tracker
Notification Tracker
Replication Tracker
I'm only seeing Nofication Traffic components and no Cache Tracker
http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_011000.html#ID1116
Cheers
Andy
03-07-2017 09:47 AM
Andrew, glad to see that I have company in misery. Keep me posted please if you find anything.
Regards,
Cath.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: