Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
0
Helpful
0
Replies

AnyConnect and PPP connections with ISE

mumanika
Cisco Employee
Cisco Employee

‎01-17-2019 06:37 AM - edited ‎02-21-2020 09:32 PM

Hi All,

 

I recently came across a case where I can see that ISE displays the IP address under the endpoints column where there is traditionally a MAC address. 

The circumstances for this are when a user connects using AnyConnect VPN solution where the adapter initiating the connection is a PPP adapter. What I discovered was that the PPP adapter is not displaying a physical address as documented on the AnyConnect DART bundle. Due to this, AnyConnect fails to retrieve the "mdm-tlv=device-mac" attribute which ISE uses for VPN connections to learn the MAC address of the endpoint. See below: 

 

PPP adapter rel:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : rel
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : <redacted>(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : <redacted>
 
   Primary WINS Server . . . . . . . : <redacted>
   Secondary WINS Server . . . . . . : <redacted>
   NetBIOS over Tcpip. . . . . . . . : Disabled

 

The question: Is it expected that PPP adapters do not display a physical MAC address?  If so, why? Any help on this is appreciated! 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents