04-03-2014 04:29 PM - edited 02-21-2020 05:09 AM
To whoever may help me :)
Problem Description: Mapping of IP addresses to users is not happening.
Scenario: Two pairs of ISE 1.2 with patch 7 and using a CDA patch 2 in order to map users that do not directly log in to Active Directory. I'm using the CDA as a syslog server, receiving the syslog messages from ISE and trying to populate the mapping table.
Tests that I've conducted so far:
- Reloaded the ISE and CDA.
- Changed the security levels of the syslogs
- Removed the Active Directory Servers from CDA so that I could have only one variable, the syslog messages, to troubleshoot.
- Reconfigured ISE to send the syslog messages to a SolarWinds server to troubleshoot the messages (at this point so far so good, I can see the messages sent from ISE to the external syslog server)
- Troubleshot the ports open at CDA and ISE
- Changed the syslog client protocol from UDP to TCP, and vice versa
- Followed the "Installation and Configuration Guide for Cisco Context Directory Agent, Release 1.0" doc
But with nothing that I've done to this point can I see the mappings from users to IP addresses. Does anyone have any clue about this?
I've attached a couple of screenshots for you to see!
DS
04-04-2014 08:03 AM
It sounds like you're setting it up correctly.
When you had the AD servers integrated were their authentication events mapped by CDA?
04-04-2014 08:13 AM
Marvin,
when I had the DCs configured I could see the events mapped in CDA.
DS
04-16-2014 02:39 PM
Hi David!
I've faced the same issue with IP-username mapping on CDA.
Have you solved it yet?
Regards,
04-16-2014 04:27 PM
Nothing so far. I'm waiting for TAC.
06-30-2014 10:28 AM
Hi David,
Me too, in a similar situation. Is there any update from TAC on this? Thanks in advance.
Regards
06-30-2014 01:42 PM
I'm still troubleshooting this with TAC.
08-20-2014 12:45 AM
Has this been resolved? I have just installed CDA with patches 1, 2, and 3 and have the same issue. I see the username and IP in the syslog parsed by CDA, but don't see it mapped in CDA. The client IP is in FRAMED-IP of the syslog.
08-20-2014 10:25 AM
Same here...
I am waiting on TAC to let me know if I should install patch 3 to resolve my issue. So far I am running ACS 5.5 with syslogs to CDA and there is no IP-Mappings happening.
09-23-2014 06:35 PM
Hello,
I had the same (or close to the same) issue: CDA was telling me that it couldn't create the mapping because it was in the future. After some hunting it turns out that this issue (CSCun74460) was resolved for ISE in version 1.2 patch 2. I hope that Cisco released a similar update for ACS. It turns out that ISE had an incorrect DST time zone offset.
HTH
Kyle
04-04-2014 01:17 PM
Hi David,
I also have the same problem. In CDA, I receive syslog from ISE, but the log does not include the client IP address. Is it the same? In the log, I receive the client name, device IP address (WLC) and other information.
04-07-2014 06:58 AM
I can see the messages being parsed but nothing appears in the IP-to-Identity messages!
04-11-2014 11:42 AM
I'm running into a similar issue. I've verified that both authentication passed and RADIUS accounting packets are being received by CDA from ISE; however, nothing ever gets placed in the mappings table. Something to note: when I put logging into debug mode it shows that the authentication passed messages are parsed; however, the accounting messages are marked as "Incomplete message received, dropped". Has anyone had any luck getting CDA to parse and map the info correctly from ISE?
04-11-2014 11:45 AM
I've opened a case this morning. Let me see what Cisco says about this!
04-11-2014 01:13 PM
Good luck!