Beginner

Workstation Identity Using Other Devices Identity/MAC

This is a super weird issue and I'm just curious if anyone has seen anything like this. I received a call about an off-site location having issues with 3 ports (with VoIP and Windows 10 workstations) having issues with authentication. Looking at the first two ports, the computers and phones looked fine. Looking at the third port, I noticed something really weird in the RADIUS Live logs.

Usually in the RADIUS Live logs, using dot1x, I see the workstation's hostname under Identity, and the Endpoint ID is the MAC. With MAB I would see the MAC under both the Identity and Endpoint ID.

The history showed the computer with, let's say, a MAC ending in 1111. I guess at some point it didn't want to do dot1x and it tried MAB. However, the identity showed as the MAC of a phone on another port, same switch. It happened twice; the Endpoint ID is that computer's MAC, however there are 3 different entries under Identity, all using the MAC of another phone.

Example:

Identity    Endpoint ID
3333        1111
2222        1111
hostname    1111

First and only time I've seen this. The computer is currently using 802.1x and is happy. But it blew my mind!
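
The pattern described in the post above (an Identity that is a MAC address different from the Endpoint ID) can be checked for across an exported set of RADIUS Live Log rows. This is an added example, not part of the original thread and not Cisco code; the CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows (not real log data); column names are assumed.
SAMPLE_CSV = """Logged At,Identity,Endpoint ID,Authentication Method
2020-01-10 08:01:00,HOST-PC01,00:11:22:33:11:11,dot1x
2020-01-10 09:15:00,00-11-22-33-22-22,00:11:22:33:11:11,mab
2020-01-10 09:40:00,0011.2233.3333,00:11:22:33:11:11,mab
2020-01-10 10:00:00,00:11:22:33:22:22,00:11:22:33:22:22,mab
2020-01-10 10:05:00,host/HOST-PC02.example.test,00:11:22:33:44:44,dot1x
"""

_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(value):
    """Return 12 lowercase hex digits if value looks like a MAC, else None."""
    # Accept colon, dash and dotted (aabb.ccdd.eeff) notations.
    stripped = re.sub(r"[:.\-]", "", value.strip().lower())
    return stripped if _HEX12.fullmatch(stripped) else None


def find_identity_mismatches(csv_text):
    """Map endpoint MAC -> sorted list of other MACs seen as its Identity."""
    mismatches = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        endpoint = normalize_mac(row["Endpoint ID"])
        identity = normalize_mac(row["Identity"])
        # A hostname or username identity (dot1x) is not a MAC, so it is
        # skipped; a MAB row is expected to have identity == endpoint.
        if endpoint and identity and identity != endpoint:
            mismatches[endpoint].add(identity)
    return {ep: sorted(ids) for ep, ids in mismatches.items()}


if __name__ == "__main__":
    for endpoint, identities in find_identity_mismatches(SAMPLE_CSV).items():
        print(f"endpoint {endpoint}: identity carried other MAC(s) {identities}")
```

A hostname made up of exactly 12 hex characters would be treated as a MAC by this check, so flagged rows still need a look at the session details.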

Accepted Solutions
Rising star

Re: Workstation Identity Using Other Devices Identity/MAC

I have seen issues like this with older versions of ISE, like 1.4, 2.0, and 2.1. We would see endpoint records being merged together in the database, so we would see Windows DHCP attributes and the Windows workstation name as identity but would also see a totally different MAC address and other attributes. We concluded that there were database issues and records were getting merged together, or wrong endpoint records were updated when new information came in. I haven't seen that in a long time, though. If your ISE system is an older version or was upgraded over the years without a clean rebuild, then that may be what you saw. When moving to a newer version of ISE, I usually try to do a clean install and put all the policies and configurations back in manually, especially if the system had been upgraded inline in the past from older versions.

Beginner

Re: Workstation Identity Using Other Devices Identity/MAC

Thanks for the info!

We did do a clean build from 2.0 to 2.4; however, we've just been updating and patching and are currently running 2.6 patch 3. I did just rebuild the 2.6 nodes. However, I did it the lazy way: unregistered the old node, deployed a new node and registered it so that all the settings were transferred over.

Thanks again for the advice. I'll look into this if we need to rebuild again.

Cisco Employee

Re: Workstation Identity Using Other Devices Identity/MAC

If this issue is seen again, it is best to engage Cisco TAC.