Viewing MAR cache content in ISE 2.1

cpaquet · ‎03-07-2017

Is there a way to see the content of the ISE MAR cache?

I know that I can look, one-by-one, to the authenticated sessions in Live Log, and see there if the session "WasMachineAuthenticated".

But what I'm looking for, is a way to see a listing of all the AD Machines currently in the MAR cache and their timeout values.

I look under Live Sessions for a filter, and I look also under reporting, but I can't find a way to see MAR cache, which is part of the Network Access Dictionnary.

Oh, and please don't mention that I should use EAP chaining with AnyConnect EAP-FAST instead of the Windows Native Supplicant with MAR. I'm aware of that option, but my question is really about how can I see the content of the current MAR cache. That's all I wish to know.

Thanks for your help.

Cath.

andrewswanson · ‎03-07-2017

Hi

I've been looking at this as well with little success. I had read somewhere that ISE maintains a MAR cache for each PSN node (stored locally on that PSN node).

I am running ISE 2.1 patch 3 and couldn't find any such cache on the PSNs (I could see a "tracking.log" file on the PSNs but it was always empty).

I did find a tracking.log file on the primary PAN node for the deployment but when I looked at the log contents I couldn't see anything about MAR cache

According to the document below, "tracking.log" should contain the following components:

Cache Tracker
Notification Tracker
Replication Tracker

I'm only seeing Nofication Traffic components and no Cache Tracker

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_011000.html#ID1116

Cheers
Andy

cpaquet · ‎03-07-2017

Andrew, glad to see that I have company in misery. Keep me posted please if you find anything.

Regards,

Cath.