Switch does not fill in the Calling-Station-ID with the MAC Address, therefore ISE 1.0 cannot do a normal MAB.
MAB was added to ISE 1.2 to support 3rd party devices like this one.
Service-Type = Login, not Call-Check.
There are NO debugs on the Nortel. Not a single one. So you cannot debug AAA, RADIUS, and you will need to use a sniffer. When you use the sniffer, since there are no debugs, it is not possible to see what the Nortel switch is actually doing with the received RADIUS messages.
Use Policy Sets...
Nortel MAB will send MAC Address as Username, but does not send Calling-Station-ID. Therefore: you must check the box to use the username for host-lookup.
Do NOT check the box to compare the password for the MAB - it will not work. Nortel sends the password as .<macaddress>. (example: .aabbccddeeff.) So therefore it is NOT the same format as the username which is AA:BB:CC:DD:EE:FF...
4550T-PWR#show running-config ! Embedded ASCII Configuration Generator Script ! Model = Ethernet Routing Switch 4550T-PWR ! Software version = v5.6.1.052 ! ! Displaying only parameters different to default !================================================ enable configure terminal ! ! *** CORE (Phase 1) *** ! ntp server 172.25.73.1 enable authentication-key 1 ntp authentication-key 1 "cisco" ntp interval 1440 ntp radius server host 10.1.100.231 acct-enable radius server host key "Cisco123" radius server host 10.1.100.231 used-by eapol acct-enable radius server host key "Cisco123" used-by eapol radius server host 10.1.100.231 used-by non-eapol acct-enable
Hi,I have a deployment with 2 nodes. I had to reinstall a broken node. When I joined the new node to the deployment, sync finished successfully but authentication logs were not synchronised. How to force ISE to send all historical authentication logs from...
Hi, I have established a VPN between Cisco ASA and a Fortinet firewall. Phase 1 and Phase 2 are up and traffic is passing but after a while the VPN phase 2 drops and traffic is not able to be passed without logging/rebooting the tunnel manually...
Hi,I want to do the below setupSITE TO SITE VPN PRIORITYPriority 1 site1 192.168.2.0/24 site2 192.168.3.0/24Priority 2 site1 192.168.2.0/24 site3 192.168.4.0/24My question since the source (192.168.2.0/24) is same the traffic destined to 192.168.4.0/24 wi...