Switch does not fill in the Calling-Station-ID with the MAC Address, therefore ISE 1.0 cannot do a normal MAB.
MAB was added to ISE 1.2 to support 3rd party devices like this one.
Service-Type = Login, not Call-Check.
There are NO debugs on the Nortel. Not a single one. So you cannot debug AAA, RADIUS, and you will need to use a sniffer. When you use the sniffer, since there are no debugs, it is not possible to see what the Nortel switch is actually doing with the received RADIUS messages.
Use Policy Sets...
Nortel MAB will send MAC Address as Username, but does not send Calling-Station-ID. Therefore: you must check the box to use the username for host-lookup.
Do NOT check the box to compare the password for the MAB - it will not work. Nortel sends the password as .<macaddress>. (example: .aabbccddeeff.) So therefore it is NOT the same format as the username which is AA:BB:CC:DD:EE:FF...
4550T-PWR#show running-config ! Embedded ASCII Configuration Generator Script ! Model = Ethernet Routing Switch 4550T-PWR ! Software version = v5.6.1.052 ! ! Displaying only parameters different to default !================================================ enable configure terminal ! ! *** CORE (Phase 1) *** ! ntp server 172.25.73.1 enable authentication-key 1 ntp authentication-key 1 "cisco" ntp interval 1440 ntp radius server host 10.1.100.231 acct-enable radius server host key "Cisco123" radius server host 10.1.100.231 used-by eapol acct-enable radius server host key "Cisco123" used-by eapol radius server host 10.1.100.231 used-by non-eapol acct-enable
We just purchased an additional 200 AnyConnect Plus licenses to go with the previous 25 we had before. I went into our Smart Account and converted the PAK to a SmartLicense, and the refreshed the Smart License in the FMC. However, I just can't figure out ...
I have discovered an issue I'm hoping someone can help me with. We are using an asa 5516X as a VPN headend for RA. All the RA traffic goes from the inside interface of the ASA to an FTD 2130. We ran some speed tests and found that when the traffic goes th...
Hello, There is a requirement in my environment to integrate all devices to Symantec endpoint protection.. the fmc is a viritual fmc on a VM.. is it possible to integrate fmc with Symantec ? Does fmc support this integration ? Thanks.