Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
509
Views
5
Helpful
4
Replies

Cisco ISE VM Authentication Issue

Go to solution
ptlbhavo
Level 1
Level 1

‎10-17-2018 01:37 PM

Hello,

 

We have ISE 2.4 installed on VM for Network Users authentication. We have created the policies for Radio Network Device and Provision Server. When the radio privilege users trying to access network device with correct credentials, it is denying access because it is not pointing to right Authorization Policy.. See below Radius Log Message Output.

 

Authentication Policy Default >> Default
Authorization Policy Default >> Basic_Authenticated_Access
Authorization Result DenyAccess

 

Can anyone in the community had similar problem? Need help!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aravind Ravichandran
Level 3
Level 3
In response to ptlbhavo

‎10-18-2018 08:59 AM

Hi,

Change the device type from All device type to All device type#Microwave radio#Aviation eclipes radius in network device.

As the policy sets is not matching the precise condition All device type#Microwave radio#Aviation eclipes radius which is meant for Avit eclipes radio access policy set, its hitting the default policy set.

 

Thanks Aravind

-Aravind

View solution in original post

4 Replies 4

Go to solution
Arne Bier
VIP
VIP

‎10-18-2018 05:25 AM

It would help to share a screen shot of the Policy Set (Authentication as well as Authorization) and then also the final details pane of the Steps that ISE took.  ISE is pretty clear in most cases why something failed.

0 Helpful

Go to solution
ptlbhavo
Level 1
Level 1
In response to Arne Bier

‎10-18-2018 08:48 AM

Hi,

 

Here's how my network is.. My PC is connected to Router and also Radio device and ISE VM installed on the server is connected to the same router.

 

As requested I have shared my screen shots high lighting the problem area.

 

The problem here we are facing is.. On Device Setting page when we select all device type, it takes the default policy settings which you should see in my Radius screen shot report attached.

 

 

I send to My Cisco ISE Make a Policy Set Screen Shot in below.

Authorization PolicyAuthorization PolicySequence of Policy Set for Radius AuthenticationSequence of Policy Set for Radius AuthenticationNetwork DevicesNetwork DevicesRadius Log Report DetailsRadius Log Report Details

Policy.Physical PC (Server)Physical PC (Server)

 

Actually, I make Policy in Sequential(Round-Robin) Order to follow Rules but It will be Directly to Authenticated Default one..

 

Thanks,

Bhavin

0 Helpful

Go to solution
ptlbhavo
Level 1
Level 1
In response to Arne Bier

‎10-18-2018 08:50 AM

Hi,

 

Here's how my network is.. My PC is connected to Router and also Radio device and ISE VM installed on the server is connected to the same router.

 

As requested I have shared my screen shots high lighting the problem area.

 

The problem here we are facing is.. On Device Setting page when we select all device type, it takes the default policy settings which you should see in my Radius screen shot report attached.

 

 

I send to My Cisco ISE Make a Policy Set Screen Shot in below.

Authorization PolicyAuthorization PolicySequence of Policy Set for Radius AuthenticationSequence of Policy Set for Radius AuthenticationNetwork DevicesNetwork DevicesRadius Log Report DetailsRadius Log Report Details

Policy.Physical PC (Server)Physical PC (Server)

 

Actually, I make Policy in Sequential(Round-Robin) Order to follow Rules but It will be Directly to Authenticated Default one..

 

Thanks,

Bhavin

0 Helpful

Go to solution
Aravind Ravichandran
Level 3
Level 3
In response to ptlbhavo

‎10-18-2018 08:59 AM

Hi,

Change the device type from All device type to All device type#Microwave radio#Aviation eclipes radius in network device.

As the policy sets is not matching the precise condition All device type#Microwave radio#Aviation eclipes radius which is meant for Avit eclipes radio access policy set, its hitting the default policy set.

 

Thanks Aravind

-Aravind
Customers Also Viewed These Support Documents