Hi
I have a Cat 9300-24T switch running IOS-XE 16.10.01 and configured with Device Sensor. I am testing Endpoint Profiling using the Cisco Device Sensor feature.
RADIUS accounting is configured to send Device Sensor data to ISE, but I don't see it in the RADIUS Accounting requests.
A quick Google search revealed that in earlier versions some folks had similar issues.
Is there a version of IOS-XE where Device Sensor data is sent via RADIUS ? If so, can someone please recommend a version? It would have to be 16.10 or later.
I am also getting conflicting information from Cisco web site about configuring these switches. The commands get deprecated so quickly, it's hard to keep up. Even the excellent Wired 802.1X Prescriptive Guide is mostly outdated because of the commands.
I have a standard RADIUS config and then these command specifically for the Device Sensor Accounting stuff:
CORE-01#show device-sensor details
Device-Sensor Details
--------------------------------------
Status = Enabled
Protocols:
-----------
CDP registered Proto Tlv Limit = 128
LLDP registered Proto Tlv Limit = 128
DHCP registered Proto Tlv Limit = 128
Protocol Filter Configuration:
---------------------------------
CDP Include List - CDP-LIST
LLDP Include List - LLDP-LIST
DHCP Include List - DHCP-LIST
CORE-01#show device-sensor cache interface gig 1/0/20
Device: 78bc.1a34.4ad4 on port GigabitEthernet1/0/20
----------------------------------------------------------------------------
Proto Type:Name Len Value Text
LLDP 6:system-description 199 0C C5 43 69 73 63 6F 20 41 ..Cisco A
50 20 53 6F 66 74 77 61 72 P Softwar
65 2C 20 61 70 33 67 33 2D e, ap3g3-
6B 39 77 38 20 56 65 72 73 k9w8 Vers
69 6F 6E 3A 20 38 2E 37 2E ion: 8.7.
31 30 36 2E 30 0A 54 65 63 106.0.Tec
68 6E 69 63 61 6C 20 53 75 hnical Su
70 70 6F 72 74 3A 20 68 74 pport: ht
74 70 3A 2F 2F 77 77 77 2E tp://www.
63 69 73 63 6F 2E 63 6F 6D cisco.com
2F 74 65 63 68 73 75 70 70 /techsupp
6F 72 74 0A 43 6F 70 79 72 ort.Copyr
69 67 68 74 20 28 63 29 20 ight (c)
31 39 38 36 2D 32 30 31 38 1986-2018
20 62 79 20 43 69 73 63 6F by Cisco
20 53 79 73 74 65 6D 73 2C Systems,
20 49 6E 63 2E 0A 43 6F 6D Inc..Com
70 69 6C 65 64 20 54 68 75 piled Thu
20 4D 61 79 20 32 34 20 31 May 24 1
32 3A 35 30 3A 32 33 20 50 2:50:23 P
44 54 20 32 30 31 38 20 62 DT 2018 b
79 20 76 69 70 65 6E 64 79 y vipendy
61 a
LLDP 5:system-name 18 0A 10 41 50 37 38 42 43 2E ..AP78BC.
31 41 33 34 2E 34 41 44 34
LLDP 7:system-capabilities 6 0E 04 00 04 00 04 ......
CDP 6:platform-type 25 00 06 00 19 63 69 73 63 6F ....cisco
20 41 49 52 2D 41 50 34 38 AIR-AP48
30 30 2D 5A 2D 4B 39 00-Z-K9
CDP 5:version-type 151 00 05 00 97 43 69 73 63 6F ...^WCisco
20 41 50 20 53 6F 66 74 77 AP Softw
61 72 65 2C 20 61 70 33 67 are, ap3g
33 2D 6B 39 77 38 20 56 65 3-k9w8 Ve
72 73 69 6F 6E 3A 20 38 2E rsion: 8.
37 2E 31 30 36 2E 30 0A 54 7.106.0.T
65 63 68 6E 69 63 61 6C 20 echnical
53 75 70 70 6F 72 74 3A 20 Support:
68 74 74 70 3A 2F 2F 77 77 http://ww
77 2E 63 69 73 63 6F 2E 63 w.cisco.c
6F 6D 2F 74 65 63 68 73 75 om/techsu
70 70 6F 72 74 0A 43 6F 70 pport.Cop
79 72 69 67 68 74 20 28 63 yright (c
29 20 32 30 31 34 2D 32 30 ) 2014-20
31 35 20 62 79 20 43 69 73 15 by Cis
63 6F 20 53 79 73 74 65 6D co System
73 2C 20 49 6E 63 2E s, Inc.
CDP 4:capabilities-type 8 00 04 00 08 00 00 00 03 ........
CDP 2:address-type 45 00 02 00 2D 00 00 00 02 01 ...-.....
01 CC 00 04 AC 1F 19 25 02 .L..,..%.
08 AA AA 03 00 00 00 86 DD .**....^F]
00 10 FE 80 00 00 00 00 00 ...^@.....
00 7A BC 1A FF FE 34 4A D4
CDP 1:device-name 20 00 01 00 14 41 50 37 38 42 ....AP78B
43 2E 31 41 33 34 2E 34 41 C.1A34.4A
44 34 D4
aaa accounting update newinfo periodic 2880
aaa accounting identity default start-stop group ISE-RADIUS
device-sensor notify all-changes
CORE-01#show radius server-group ISE-RADIUS
Server group ISE-RADIUS
Sharecount = 1 sg_unconfigured = FALSE
Type = standard Memlocks = 1
Server(192.168.0.221:1812,1813) Transactions:
Authen: 0 Author: 0 Acct: 14
Server_auto_test_enabled: TRUE
Keywrap enabled: FALSE
I have analysed the ISE tcpdump in Wireshark. I can see Interim Accounting updates, but they don't contain any Device Sensor Data.
.jpg "VIP Advisor"){kind=icon}
