cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
576
Views
0
Helpful
3
Replies

Wierd Problem with Cisco ISE AuthC policy

marioderosa2008
Level 1
Level 1

Hi all,

I have defined an AuthC policy which is very similar to two other policies which work fine.

The condition is ONLY based on the NAS IP and once that is matched, the only protocol allowed is PAP and that the Internal Users DB should be consulted for the user.

Only thing is that when the RADIUS authentication request comes in, it does not match the policy I have created and matches the defaul Deny Access rule.

Attached are screenshots of what I have configured. If there is anything else that you may need me to tell you to help me troubleshoot this then let me know.

I thought it may be an issue with using the Internal User store, so instead I changed it to "AD1" which then makes it exactly the same as the other rules that work fine, but this rule still will not match.

I think this is another bug.

Any advice greatly appreciated thanks!

Mario De Rosa

1 Accepted Solution

Accepted Solutions

nspasov
Cisco Employee
Cisco Employee

Hello Mario-

Looking at the logs, the session is not using PAP/ASCII but instead it is using "dot1x" What type of scenario are you doing here?

 

Thank you for rating helpful posts!

View solution in original post

3 Replies 3

nspasov
Cisco Employee
Cisco Employee

Hello Mario-

Looking at the logs, the session is not using PAP/ASCII but instead it is using "dot1x" What type of scenario are you doing here?

 

Thank you for rating helpful posts!

Hi Neno,

 

yes you are correct, it was because I did not allow 802.1x in the Authentication policy.

 

The scenario is that we have a 3g mobile network and we are setting up RADIUS authentication for the 3g routers as they log in to the 3g cloud.

 

Thanks

 

Mario

Cool. Glad your issue is solved!