Prime Infrastructure - Wired Client traffic

huangyu731 · ‎02-27-2020

Greetings all,

I am trying to troubleshoot a network issue and I want to look at the Client traffic through Cisco Prime 3.4.0. When I look at the dashboard and choose the "Wired" under the "Client Traffic", no data shows in the graph, however, when I click on "Wireless" tab, I do see traffic data in the graph.

The Cisco WLC and the Cisco switches are added to Prime Infrastructure.

And I check the historical data of "Wire" traffic back to a year ago, no data shown, but it always works for Wireless clients.

Does anyone have the same issue and if you have any idea how to fix this?

Thanks in advanced.

renjithg · ‎02-28-2020

wired client traffic is collected via ISE.

Devices must be configured with 802.1x port authenticated and wired client must be authenticated via ISE. Prime polls

ISE and collect this information.

Viewing Clients and Users

To view complete details in the Monitor > Monitoring Tools > Clients and Users page and to perform operations such as Radio Measurement, users in User Defined groups should have the required permission before they access the Monitor Clients, View Alerts & Events, Configure Controllers, and Client Location pages.

The following attributes are populated only when the ISE is added to Prime Infrastructure:

ISE
Endpoint Type
Posture
Authorization Profile Name

Prime Infrastructure queries the ISE for client authentication records for the last 24 hours to populate this data. If the client is connected to the network 24 hours before it is discovered in Prime Infrastructure, you might not see the ISE-related data in the table. You might see the data in client details page. To work around this, reconnect the client to the network. The ISE information is shown in the table after the next client background task run.

huangyu731 · ‎03-01-2020

Thanks renjithg,

Do you have a relevant documentation for the ISE configuration and integration with Cisco Prime Infrastructure?

Thanks heaps

renjithg · ‎03-01-2020

Hi huangyu731,

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-4/user/guide/bk_CiscoPrimeInfrastructure_3_4_0_UserGuide/bk_CiscoPrimeInfrastructure_3_4_0_UserGuide_chapter_01011.html

Set Up Enhanced Wireless Client Monitoring Using Cisco ISE

Add Cisco Identity Service Engines

A maximum of two ISEs can be added to Prime Infrastructure. If you add two ISEs, one should be primary and the other should be standby. When you are adding a standalone node, you can add only one standalone node and cannot add a second node.

To add an Identity Services Engine, follow these steps:

Procedure

Step 1

Choose Administration > Servers > ISE Servers .

Step 2

From the Select a command drop-down list, choose Add ISE Server , then click Go .

Step 3

Complete the required fields, then click Save .

The credentials should be superuser credentials local to ISE. Otherwise, ISE integration does not work.

Ensure to have port configured with 802.1x port authentication with ISE for AAA.

Craig Pitkin · ‎09-15-2021

Hi All

I am having issues with 3850's and 9300'S . Prime doesnt show an of the ISE details but does show client details , VLANS etc

What I dont see is the columns for ISE, auth type, auth profile, authentication

This is within the Montoring/Monitoring tools /Client users

Stange thing is is works for 3750's and 2960's . As I understand it the information missing comes from ISE ? Is this correct ?

Pulling my hair out trying to ficure why its not working for certain devices .

Had a TAC case open for months and they seem to be focusing on switch SNMP config have added the below command but still not sure its relevant and doesnt make it work .

snmp-server group NAME v3 auth context vlan- match prefix

Any help would be appreciated as I think TAC are at a loss or it hasnt gone to the right people ( after 3 month !!!)

Thanks

Craig